These rules are defined in addition to GRC rules set, these would serve as additional check for example to Permission Rules.
Example: You have Permission Rules defined for an authorization 02 for field ACTVT and some User Group value - SUPER. Now, if you want an additional check in the rules to check if the user being analyzed within this user group has access to approve payments more than 50000 USD.
For this, you will define a custom table in the ECC (plugin/connected) system which contains this information for that user to be authorized to make such payments. This custom table will contain a field for Payment Approval and so, a check can be placed for the user in Supplementary Rules, to see if the user contains that value or not.
PS: Supplementary Rules will be triggered in addition to Permission Rules. So, in any case Permission Rules have to be fired for these Supplementary Rules to trigger and produce results.
Hope this helps.