The permission file is structured so that you can apply access on the row level with single value in the permission field. This acts as a dynamic filter on the dataset level so that your data source is unchanged but you keep security. It’s also scalable.
For example, if I have a director, manager, team lead, and direct report I could define their permissions by Region, subregion, team, and then book of business. Now, the director can see the book of business for the entire region with scaling granularity down to the direct report.
The reason this works is when you join the datasets QuickSight knows that based on the user that logins in, they should only see data relating to the value in your permission field, acting as a sort of static filter.