Versions Compared

Old Version 3

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

The Column Filter Policy is a SQL select clause written against the SQL View of an EmpowerID component or object type, such as an account or Person, that specifies what attributes of the component can be viewed by someone with the policy. For example, one of the Column Filter Policies included with EmpowerID is the "Sample

...

removal of name" policy. This policy hides the true value of each user account's

...

Name attribute, replacing it with "N/A" so that assignees of the policy see "N/A" as the

...

name for any user accounts they view. You can create Column Filters like this to hide or substitute any attribute on an object.

Create a Column Filter Policy

...

  1. On the

...

  1. navbar, expand

...

  1. Role Management and select Visibility Restriction Policies. 

  2. On

...

  1. the Find Visibility

...

  1. Filters page that appears,

...

  1. select the Column Filters tab and then click

...

  1. the Add button above the grid.

...

  1. Image Added



    This opens the Filter Details form for the Column Visibility Filter.

...

  1. Image Added

  2. Click the Assign Policy To drop-down and select from the following Actor types to receive the policy. 

    • Person

...

    • Applies the policy to a specific person.

    • Group

...

    • Applies the policy to a specific group. Each person who is a member of the group receives the policy.

    • Business Role and Location

...

    • Applies the policy to a specific Business Role and Location. Each person who belongs to the Business Role and Location receives the policy.

    • Management Role

...

    • Applies the policy to a specific Management Role. Each person who is a member of the role receives the policy.

    • Management Role Definition

...

    • Applies the policy to a specific Management Role Definition. Each Management Role that is a child of the definition receives the policy.

    • Query-Based Collection (SetGroup)

...

    • Applies the policy to a specific Business Role and Location. Each person who is a member of the collection receives the policy.

  2. In the Assignee field that appears, do one of the following depending on the Actor type you selected.

...

    1. Enter the name of the specific actor to whom you are assigning the policy and click the tile for that actor

...

    1. . For example, to assign the policy to a group, enter the name of the group in the field and click that tile.

    2. If you selected Business Role and Location as the Actor type, click the Select a Business Role and Location link and in the Business Role and Location Selector that appears, search for and select a Business Role and Location.

...

  1. In the Object Type (Component) field, type the name of the EmpowerID Component that has the column you want to restrict, add "View," and click the tile for that View to select it. For example, to hide an attribute of a Person, enter PersonView.

  2. Enter a name and description for the policy in the Name, Display Name and Description fields.

  3. Leave the value of the Mode field as Default.

  4. In the Allowed Columns field, enter a SQL statement for the filter that hides attribute values with a static value, returning all the rest. For example, to fill the Title attribute with the static string "Private" on a Person use this statement:

    Code Block
    languagesql
    'Private' AS Title, [PersonView].*


    This statement tells EmpowerID to create a new View of the Person table that replaces the Title attribute with the word Private. When a person with the policy logs in to EmpowerID and searches for another person, the value of the Title attribute will appear as Private.

    To restrict the data on other objects, replace the attributes and the views as is appropriate. For example, to completely hide the value of AccountStoreName and AccountStoreFriendlyName fields for groups, the SQL statement would be '  ' AS AccountStoreName,'  ' AS AccountStoreFriendlyName, [GroupView].*Image Added

  5. Click Save.

Page Properties
hiddentrue

This goes above step 9. Hiding for now because I am getting an error in the web app searching for components. At this point, the Filter Details form looks like the following image (with variations for the selected options). The image depicts a Column Filter policy that replaces the Title attribute value on a Person with the word "Private" and assigns the policy to all

...

members of the Contractors-D group. The policy does not apply to anyone who is not a member of that Business Role and Location

...

.

Test the Column Filter Policy

  1. Log out of the EmpowerID Web application and log back in as a user with the Column Filter policy.

  2. From the Home page of the Web application, search for any resource object restricted by the policy. For example, if you created a Column Filter policy that replaces the value of an attribute on a person with another value, search for people.

Page Properties
hiddentrue

Hiding for now because I am getting an error in the web app searching for components. The attribute specified in the policy is replaced with the value specified in the policy. In the image below, the logged-in user is assigned a Column Filter policy that replaces the value of the Title attribute

...

with "Private."

...

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue