logged in user to see only its own assigned cases

Damian Martinez
Mega Sage

Hello Community, I hope everyone is ok.
I have set up a new user and I have been told that this new user only needs visibility on the cases assigned to him.
Does somebody know how to accomplish this? I guess I have to set up an ACL or business rule, but I'm not sure.

Thanks in advance!

18 REPLIES

Hi Damian,

You need to write the condition in the condition field present in the advanced section.

Please mark this correct / helpful based on the impact.

Thanks,

Mohit Kaushik

 

ServiceNow MVP (2023-2025)

Using a query rule is OK as well, but you'll have to be a bit more careful than with ACL. The query rules will limit what results will be queried, while ACL will let you query all and limit what can be accessed. So for example, if you have 100 records and both ACL and query rule limit the same 10, the query rule will only retrieve 90 records. ACL is run after the query and it will hide 10 records AND if the user looks at the whole table (without filters) they will see a text saying that x amount of records were hidden due to security. Query rule does not tell you this.



Now with query rule if you just use the condition Ankur gave:

gs.getSession().isInteractive() && gs.getUserID() == 'specificUserSysId'

You're saying to trigger the BR if the current user is one specific user. Of course you're not supposed to hard code such a value. You'll have to figure out a condition where it will trigger. For example if the user has a certain role, company, title and so on.

Your query rule could say this in the script section under advanced tab: 

current.addQuery('assigned_to', gs.getUserID());

In this case if the condition is true, the query rule will force a condition on the system when it retrieves records and the user would only see records where they're the assigned to. Query rules also have a large fault where if you add an OR clause, the resulting list of records will not work properly. The list could show INC0001, INC0002,... and when you click on INC0001 it opens another record like INC0004 instead.



If you're hardcoding this to 1 single user, then if another user is created you have to change the condition to consider them as well, so never design these for one specific record or user and make them dynamic.

 

ALSO query rules are not the best practice way of doing this.
ACLs are the recommended way and are actually faster as well.
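
An added example (not code from this thread or from ServiceNow) contrasting the before-query business rule and the read ACL described in the reply above, runnable in Node.js with small stand-ins for gs and the record query. The role name case_own_only, the stub helpers and the sample rows are assumptions made for illustration.

```javascript
// Constructed sample data: five case rows, two assigned to user "u1".
const CASES = [
  { number: 'CS0001', assigned_to: 'u1' },
  { number: 'CS0002', assigned_to: 'u2' },
  { number: 'CS0003', assigned_to: 'u1' },
  { number: 'CS0004', assigned_to: '' },
  { number: 'CS0005', assigned_to: 'u3' },
];

// Minimal stand-ins for the platform's gs and GlideRecord objects (stubs only).
function makeGs(userId, roles, interactive = true) {
  return {
    getUserID: () => userId,
    hasRole: (r) => roles.includes(r),
    getSession: () => ({ isInteractive: () => interactive }),
  };
}
function makeQuery() {
  const filters = [];
  return { addQuery: (f, v) => filters.push([f, v]),
           run: () => CASES.filter((r) => filters.every(([f, v]) => r[f] === v)) };
}

// Hypothetical role marking users who may only see their own cases.
const ROLE = 'case_own_only';

// Before-query business rule: condition and script keyed on a role, not a hard-coded sys_id.
function queryRule(current, gs) {
  if (gs.getSession().isInteractive() && gs.hasRole(ROLE)) {
    current.addQuery('assigned_to', gs.getUserID());
  }
}

// The expression a read ACL script would assign to answer, evaluated per record after the query.
function readAcl(current, gs) {
  return !gs.hasRole(ROLE) || current.assigned_to === gs.getUserID();
}

function listWithQueryRule(gs) {
  const q = makeQuery();
  queryRule(q, gs); // filter is added before rows are fetched, so nothing is reported as hidden
  return { rows: q.run().map((r) => r.number), hidden: 0 };
}
function listWithAcl(gs) {
  const all = makeQuery().run(); // all rows are fetched, then checked one by one
  const rows = all.filter((r) => readAcl(r, gs));
  return { rows: rows.map((r) => r.number), hidden: all.length - rows.length };
}
```

On the platform, gs.hasRole() also returns true for users with the admin role, so test a role-based condition like this with a non-admin account.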

Hi,

in advanced section under condition field

Regards
Ankur

✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader

Abhijit4
Mega Sage

Hi,

In the ACL script section, you can check if gs.getUserID()=="sys id of the new user" //as a best practice, store the sys_id in a system property and access it in the ACL. I would still suggest you create a new role and assign it to the new user.

However, this is not quite easy. Even if you give your new user access to only his assigned records with your new ACL, other ACLs will in parallel provide him all access anyway. So first you would need to review your existing ACLs and make sure that the new user is not passing access through those existing ACLs.

Let me know if you have any further queries.

Please mark this as Correct or Helpful if it helps.

Thanks and Regards,
Abhijit

 

ServiceNow MVP

Damian Martinez
Mega Sage

Hello All,
Thanks for your advice.

First I tried ACL, however a few points: The * value is not available to replace None.
And second, I get an error message that I don't understand.

Since the user needs to update its own records, I guess I need to create another ACL, operation write, correct?

As for the business rule, will this work for the user to update its own records?

Thanks.