You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Create Visibility Restriction Policies
Create a Visibility Restriction policy
On the navbar, expand Role Management and select Visibility Restriction Policies.
On the Find Visibility Filters page that appears, select the Create Policy tab.
This opens the Create a Visibility Restriction Policy form.From the Assign Policy To drop-down, select the Actor type to receive the policy. Actor types include the following:
Person – Applies the policy to a specific person.
Group – Applies the policy to a specific group. Each person who is a member of the group receives the policy.
Business Role and Location – Applies the policy to a specific Business Role and Location. Each person who belongs to the Business Role and Location receives the policy.
Management Role – Applies the policy to a specific Management Role. Each person who is a member of the role receives the policy.
Management Role Definition – Applies the policy to a specific Management Role Definition. Each Management Role that is a child of the definition receives the policy.
Query-Based Collection (SetGroup) – Applies the policy to a specific Query-Based Collection. Each person who is a member of the collection receives the policy.
Type the name of the specific actor to whom the policy is to be assigned in the Assignee field and then click the tile for that actor.
This field binds to the value of the Assign Policy To drop-down, so you can only input an actor matching the selected Actor type. For example, if you select Group from the Assign Policy To drop-down, then you can only search for and input a group in the Assignee field.Select the Object Type To Restrict from the drop-down. For example, to restrict the ability to see people, select Person.
From the Assignment Type drop-down, select from the following options to define the scope of the policy.
Person Relative Resource – Policy holders can see only those objects relative to their own person.
For example, if you limit the visibility of computers with this assignment type and assign the policy to Bob in Boston, Bob can only see computers located in Boston.Direct – Policy holders can only see a specific resource object of a specific type, such as "Computer X" or "Person Y."
Scoped At Location – Policy holders can only see resource objects of a specific type in a specific location, such as all computers or all people in Boston.
Target Group – Policy holders can only see specified resource objects belonging to a specific group.
For example, if you limit the visibility of people with this assignment type, and assign the policy to Bob in the Accounting group, Bob can only see people belonging to the Accounting group.Target Management Role – Policy holders can only see specified resource objects belonging to a specific Management Role.
For example, if you limit the visibility of people with this assignment type, and assign the policy to Bob, can only see people belonging to the target Management Role.Target Query-Based Collection – Policy holders can only see specified resource objects belonging to a specific Query-Based Collection.
For example, if you limit the visibility of people with this assignment type, people with the policy can only see people belonging to the target collection.
In whichever field appears based on the Assignment Type selected above, do the following:
Enter a <Resource Object> Name to Search - Enter the name of the specific resource object for which you are creating the policy and then click the tile for that object to select it.
Person Relative Resource - Select the relative resource for the restricted resource object type, such as People in Person's Location or Accounts in Person's Location.
For example, if you limit the visibility of accounts and the Assignment Type is Person Relative Resource, selecting Accounts in Person's Location limits any person with the policy to only seeing accounts in their location.Can See All Below - Click the Select a Location link, and in the Location Selector that appears, search for and select a location and click Save to close the Location Selector.
In the Priority field, enter a numeric value from 1 to 100 to set the priority of this Visibility Restriction policy if a user has more than one policy. The lower the number, the higher the priority.
Leave the Mode value set to Default.
Select Enabled to enable the policy.
At this point, the Create a Visibility Restriction Policy form looks like the following image (with variations for the selected options). In the image, the Visibility Restriction policy restricts the ability of anyone who is a member of the Contractors group to see only people inside of the group.Click Save.
Test the Visibility Restriction policy
Log out of the EmpowerID Web application and log back in as a person assigned the policy. For example, if you created a Visibility Restriction policy and assigned it to a group, log in as a person who is a member of that group.
From the Home page of the Web application, search for any resource object restricted by the policy. For example, if you created a Visibility Restriction policy that restricts the ability to see people, search for people. This example creates just such a policy and navigates to the White Pages.
You are only able to see those objects for which the policy was created. In this example, the logged-in person is a member of the Contractors group. Because the Visibility Restriction policy restricts the ability of anyone who is a member of the Contractors group to see anyone outside of that group, only those people in the organization who belong to the group appear.