The Column Filter Policy is a SQL select clause written against the SQL View of an EmpowerID component or object type, such as an account or Person, that specifies what attributes of the component can be viewed by someone with the policy. For example, one of the Column Filter Policies included with EmpowerID is the "Sample AccountView removing visibility on email" policy. This policy hides the true value of each user account's Email attribute, replacing it with "N/A" so that assignees of the policy see "N/A" as the Email for any user accounts they view. You can create Column Filters like this to hide or substitute any attribute on an object.
Visibility restriction policies do not affect the EmpowerIDAdmin user. |
This topic demonstrates how to create a Column Filter policy.
In the Allowed Columns field, enter a SQL statement for the filter that hides attribute values with a static value, returning all the rest. For example, to fill the Title attribute with the static string "Private" on a Person use this statement:
|
This statement tells EmpowerID to create a new View of the Person table that replaces the Title attribute with the word Private. When a person with the policy logs in to EmpowerID and searches for another person, the value of the Title attribute will appear as Private.
To restrict the data on other objects, replace the attributes and the views as is appropriate. For example, to completely hide the value of AccountStoreName and AccountStoreFriendlyName fields for groups, the SQL statement would be ' ' AS AccountStoreName,' ' AS AccountStoreFriendlyName, [GroupView].* |
At this point, the Filter Details form looks like the following image (with variations for the selected options). The image depicts a Column Filter policy that replaces the Title attribute value on a Person with the word "Private" and assigns the policy to all Contractors in any location. The policy does not apply to anyone who is not a member of that Business Role and Location.
|