| Divstyle | ||
|---|---|---|
| ||
| ||
In previous versions of EmpowerID, users could not see resources within their own organizations without an RBAC assignment. For example, a user could not look up information about users within their office until they were granted the Viewer Access Level for each of those users. This is no longer the case as RBAC control over the visibility of resources has been replaced by three types of policies:
- Visibility Restriction policies,
- Column Visibility Filter policies, and
- Data Visibility Filter policies.
Visibility Restriction policies most resemble RBAC and are easy to implement. EmpowerID recommends using these policies in most cases.
| Note |
|---|
Visibility restriction policies do not affect the EmpowerIDAdmin roleuser. |
Column Visibility Filters and Data Visibility Filters are SQL-based filters that you write against the EmpowerID Identity Warehouse to show and hide data at the column and attribute level. These offer flexibility and power, allowing you to show and hide data at the column and attribute level. However, as they are more difficult to implement, only use them when Visibility Restriction policies cannot cover your use case.
Each of these policy types are discussed in greater detail below.
...