Page Comparison

Versions Compared

Old Version 2

changes.mady.by.user Phillip Hanegan

Saved on May 01, 2018

compared with

New Version Current

changes.mady.by.user Kim Landis (Unlicensed)

Saved on Sept 18, 2018

Key

This line was added.
This line was removed.
Formatting was changed.

...

Home
User Provisioning
Visibility Policies
Current: Creating Data Filter Policies

...

Style

import	https://docs.empowerid.com/docs.css

The Data Filter Policy is a SQL Select Statement select statement written against an EmpowerID component or object type, such as a Person, that places limits on the number of which objects of that type that can be viewed by someone with the policy can view. For example, one of the sample Data Filter Policies included with EmpowerID is a EmpowerID includes a sample Data Filter for the Person object that only allows for the viewing of a person to view people in or below that person's their location. This means , that if a person Bob is located in London, for example, and has this Visibility Filter through some type of assignment, that person will only be able to he can only see people in the London location (or locations below London).

Note
Visibility restriction policies do not affect the EmpowerIDAdmin user.

This topic demonstrates how to create a Data Filter policy and is divided into the following activities:

Anchorcreatecreate

.

To create a Data Filter Policy

From the Navigation Sidebar, navigate to the Column Filter creation page by expanding Other and clicking Things to Do > Create > EmpowerID System Configuration >

In the navigation sidebar, expand Admin > RBAC and click Visibility Restriction Policies.
On the Find Visibility Page that appears, click the Actions tab and then click Create Data Visibility Filter.

Image Added

This opens the Filter Details form for the Data Visibility Filter.

Image Removed From

Image Added
Click the Assign Policy To

drop-down,

and select from the following Actor

type to whom you want to apply

types to receive the policy.

Actor types include the following:Person - If you select this Actor type, the policy will be applied

- Person — Applies the policy to a specific person.
- Group

- If you select this Actor type,

- — Applies the policy

will be applied

- to a specific group. Each person who is a member of the group

will receive

- receives the policy.
- Business Role and Location

- If you select this Actor type,

- — Applies the policy

will be applied

- to a specific Business Role and Location. Each person who belongs to the Business Role and Location

will receive

- receives the policy.
- Management Role

- If you select this Actor type,

- — Applies the policy

will be applied

- to a specific Management Role. Each person who is a member of the role

will receive

- receives the policy.
- Management Role Definition

- If you select this Actor type,

- — Applies the policy

will be applied

- to a specific Management Role Definition. Each Management Role that is a child of the definition

will receive

- receives the policy.
- Query-Based Collection (SetGroup)

- If you select this Actor type,

- — Applies the policy

will be applied

- to a specific Business Role and Location. Each person who is a member of the collection

will receive

- receives the policy.
In the Assignee field that appears, do one of the following depending on the Actor type you selected.
1. Type the name of the specific actor to whom you are assigning the policy and then click the tile for that actor to select it. For example,

if you are assigning

1. to assign the policy to a Query-Based Collection (SetGroup),

you

1. type the name of the SetGroup in the field and

then

1. click the tile for that SetGroup.
2. If you selected Business Role and Location as the Actor type, click the Select a Role and Location link and in the Role and Location Selector that appears, search for and select a Business Role and Location and then

click

1. click Select to close the selector.

Image Removed

1. Image Added
Type a name and description for the policy in the Name and Description fields

, respectively. Type

.
In the Priority field, enter a numeric value to set the priority

of the policy in the Priority field. This value determines

to determine which policy takes precedence

for

when users

who

have more than one policy. The lower the number the higher the

policy

priority.
Leave the value of the Mode field set as Default.
Leave the Pre-Query field blank.
In the Select Clause field, type the SQL statement for the filter that returns only those objects allowed by the filter.
For example,

if you are creating

to create a filter that only allows Contractors to see other Contractors,

you could

write a query similar to the following example (

depending on whether

if the Title field is used in your environment).
Code Block
language sql
SELECT PersonID FROM dbo.Person (NOLOCK) WHERE Title = 'Contractor'
At this point, the Filter Details form

should look similar to

looks like the following image (with variations for the selected options).

In the image, we are creating

The image depicts a Data Filter policy that

only

allows people in the Contractors Query-Based Collection to see only people in EmpowerID who have a Title attribute of Contractor.

Image Removed

Image Added
Click Save.

Anchortesttest

To test the Data Filter Policy

Log out of the EmpowerID Web application and log back in as a user with the Data Filter policy.
From the Home page of the Web application, search for any resource object restricted by the policy. For example, if you created a Data Filter policy that restricts

the number of

which people

that Anchorconceptsconcepts

Concepts:

Understanding Visibility Policies

Anchortaskstasks

Tasks:

Creating Visibility Restriction Policies

Creating Column Filter Policies

can be seen, search for people.

The search returns only objects allowed by the filter. In the image below, the logged-in user is assigned a Data Filter that only allows him to see people who have a Title attribute of Contractor.

Image Added