Users with a single role can access the child or grandchild object details only if it satisfies all the data security filters that exist on the primary object’s child or grandchild column.
Consider, for example, a data security model in which the user has the role, SalesManager- NY and has the following security filters configured:
Filter 1: State code is NY.
Filter 2: Phone type is Business and Home.
Filter 3: Person salutation code is MR.
Using the data security model mentioned above, consider a scenario where the database has a primary object record: Mr. Robin Cameron, who has the Billing address in CA, TX and NY State and Business and facsimile as phone type. User with Sales Manager- NY role can see only address in NY State on billing address tab and only Business phone on Telephones tab, all other records on both tabs are filtered out.