Skip to main content

OrgChart Help Guide

Row Level Security

Audience:

Audience: Administrators Edition: Enterprise

Overview

Administrators can limit which field values a user can access on a row-by-row basis by creating Row Level Security (RLS) profiles.

This restriction applies to Excel outputs, boxes on the chart, the Profile, and all other occurrences of the field within the application.

Note

Note: Row Level Security restrictions can impact the way template rules are applied to records. When configuring Views, ensure that you do not create rules using restricted fields. Otherwise, the View may not appear as expected.

Accessing Row Level Security Profiles

Click on the Mode Switcher icon in the Top Toolbar, and then select the Setup option. The Setup panel is displayed.

Click on the Account Settings tile.

Setup_Account_Settings_Select.png

Click on the Security tab in the left side menu.

5_2_2_Security_Panel_with_Arrow.png
Row Level Security Options
5_2_CreateNewProfile_button.png

Create a new Row Level Security Profile.

5_2_1_BlueGear_nofill.png

Mouse over to configure Row Level Security Profile. See the Security Configuration Options section below for more information.

Rename_newicon.png

Mouse over to rename Row Level Security Profile.

5_2_1_Copy.png

Mouse over to copy Row Level Security Profile.

5_2_1_Trash_nofill.png

Mouse over to delete Row Level Security Profile

Tip

OrgChart has pre-installed a Default Row Level Security profile for you to configure.

This Default Row Level Security profile can be modified and renamed, but not deleted.

Mouse over the Default Row Level Security profile, and then click on the 5_2_1_BlueGear_nofill.png icon to begin constructing the profile. Reference the Security Configuration Options section below for more information.

Security Configuration Options

In the Security Configuration panel, Administrators can set the conditions under which users assigned to the selected Row Level Security profile are allowed or restricted from viewing specific fields.

Profile Details

Name

Name of the selected Row Level Security profile.

Description

Description of the permissions set in the selected Row Level Security profile.

Rule Configuration
Security Rules

Allowed Fields

When selected, only Fields added in the Fields section can be viewed. All other fields are restricted.

Restricted Fields

When selected, Fields added in the Fields section cannot be viewed. All other fields are allowed.

5_2_RoundPlus_icon.png

Add a Conditional Security Rule.

Conditional Security Rules allow Administrators to restrict field access for users based on specific Field Value Criteria. Reference the Conditional Row Level Security article for more information.

Fields
5_2_RoundPlus_icon.png

Click to add Fields that are either allowed restricted.

Assigning Row Level Security Profiles

In order to enable Row Level Security for a user, Administrators must assign a Row Level Security Profile to that user's Access Group.

  1. In the Account Settings panel, click on the Access Groups tab in the left side menu.

    5_2_2_AC_AccessGroups_Arrow.png
  2. Click on Create Group in the bottom left corner. The following Access Group Configuration panel is displayed:

    5_2_NewAccessGroupPanel.png
  3. Enter a name in the Access Group Name text box.

  4. Check the Row Level Security checkbox. A dropdown menu is displayed to the right.

    5_2_RLS_Assign.png
  5. Click on the Row Level Security dropdown menu, and then select the RLS profile you want to assign to this Access Group.

  6. Once you have finished configuring this Access Group, click Save. Reference the Account Settings: Access Group article for more information on configuring Access Groups.

  7. Click on the Settings dropdown, and then select the Manage Users option.

  8. Mouse over the user to whom you'd like to assign the new Access Group , and then click on the 5_2_1_Penci_bluel_noFill.png icon.

  9. Click on the Group dropdown menu, and then select the new Access Group option.

    5_2_AssignGroupToUser_RLS_EX.png
  10. Click Update.

    Note

    Note: Administrators can impersonate the user to test the permissions. Reference the Admin User Impersonation article for more information.