OrgChart Now Help Guide

Branch Level RLS Example


Audience: Administrators Edition: Enterprise & Premium


Branch Level RLS allows Administrators to restrict access to certain fields for the branch of the assigned user. For example, you can restrict managers to view only the Salary data for themselves and their subordinates.

The following article provides step-by-step instructions for configuring a Conditional RLS profile using the Branch Level rule type.

Configuring a 'Branch Level' RLS Profile
  1. Log into OrgChart Viewer.

  2. Click More > Account Settings, and then select the Security option.

  3. Click on the Create New Profile button (under the Row Level Security heading). An Untitled profile is created.

  4. Click on the PencilPad.png icon, and then rename the RLS profile.

  5. Click OK.

  6. Click on the geariconnew.png icon. The Security Configuration panel is displayed.

  7. Optionally, enter a description of the RLS profile into the Description text box.

  8. Click on the Plus.png icon (to the right of the Security Rules heading). Conditional Rule 1 is added to the Security Rule column.

  9. Click on the Plus.png icon (to the right of the Definitions heading). The Conditional Definition Editor panel is displayed.

  10. Click on the Rule Type dropdown menu, and then select the Not In option.

  11. Click on the New Condition button.

  12. Click on the geariconnew.png icon (to the right of the Field dropdown menu, and then select the Branch Level option.

  13. Click Save. The conditional definition is displayed in the Definition column.

  14. Click on the Plus.png icon (to the right of the Fields heading), and then select a Field from the dropdown menu.

  15. Click Save.

  16. Assign this RLS profile to an Access Group. Reference the Row-Level Security article for instructions on how to assign an RLS profile to an Access Group.

Testing Permissions

Administrators can login as users with different levels of access to test permissions. Reference the Admin User Impersonation article for more information.

The following section tests the Branch Level RLS profile configured above, which states employee records that are NOT IN the Self + Subordinates Branch Level of the assigned user do not display Budget or Salary.

Without Row Level Security
With Row Level Security

The following screenshot is the result of the Branch Level RLS when signed in as Pauline Dinh: