OrgChart Now Help Guide

In Example

Audience

Audience: Administrators
Edition: Enterprise

Overview

Conditional Row Level Security (RLS) allows Administrators to restrict user access row-by-row based on a defined set of criteria.

For example, you can restrict employee records from displaying salary information when the title of a record is in a defined list of values.

The following article provides step-by-step instructions for configuring a Conditional RLS profile using the In rule type.

Configuring an 'In' RLS Profile
  1. Log in to OrgChart.

  2. Click More > Account Settings, and then select the Security option.

  3. Click on the Create New Profile button (under the Row Level Security heading). The Security Configuration panel is displayed.

  4. Enter a name for the profile in the Name text box.

  5. Optionally, enter a description of the RLS profile into the Description text box.

  6. Click on the plus icon (to the right of the Security Rules heading). Conditional Rule 1 is added to the Security Rule column.

  7. Click on the plus icon (to the right of the Definitions heading). The Conditional Definition Editor panel is displayed.

  8. Click on the Rule Type dropdown menu, and then select the In option.

  9. Click on the plus icon (to the right of the Field Value Criteria heading), and then select the In option.

  10. Select a Field from the Field dropdown menu.

  11. Select a Value from the Value dropdown menu.

  12. Optionally, click on the plus icon to select an additional Value from the Value dropdown menu.

  13. Click Save. The conditional definition is displayed in the Definition column.

  14. Click on the plus icon (to the right of the Fields heading), and then select a Field from the dropdown menu.

  15. Click Save.

  16. Assign this RLS profile to an Access Group. Reference the Row-Level Security article for instructions on how to assign an RLS profile to an Access Group.

Testing Permissions

Administrators can log in as users with different levels of access to test permissions. Reference the Admin User Impersonation article for more information.

The following section tests the Conditional RLS profile configured above, which states that employee records with a Title NOT IN the list of field values do not display the Salary field.

Without Row Level Security
[Screenshot: without Row Level Security]
With Row Level Security
[Screenshot: with Row Level Security applied]
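
Before impersonating a user, it helps to write down which records should and should not display the protected field, so the result on screen can be checked against an expectation. The following is an added example that models the 'In' rule as stated in Testing Permissions; it is not OrgChart Now code, and the field names, titles, records, exact-match comparison and the treatment of a missing Title as "not in the list" are assumptions.

```python
# Added illustration: a model of the 'In' rule described on this page,
# not OrgChart Now code. Field names, titles and records are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class InRuleProfile:
    name: str
    match_field: str             # Field chosen in the Conditional Definition Editor
    match_values: frozenset      # Values chosen from the Value dropdown
    protected_fields: frozenset  # Fields added under the Fields heading

    def matches(self, record: dict) -> bool:
        # Assumption: exact string comparison; a record with no value for
        # the match field is treated as NOT IN the list (fail closed).
        value = record.get(self.match_field)
        return value is not None and value in self.match_values

    def visible_view(self, record: dict) -> dict:
        # Per the Testing Permissions section: records whose match field is
        # NOT IN the value list do not display the protected fields.
        if self.matches(record):
            return dict(record)
        return {k: v for k, v in record.items() if k not in self.protected_fields}


def expected_visibility(profile: InRuleProfile, records: list) -> dict:
    """Map each record's Name to whether the protected fields should display."""
    return {r["Name"]: profile.matches(r) for r in records}


PROFILE = InRuleProfile(
    name="Salary by title (constructed)",
    match_field="Title",
    match_values=frozenset({"Analyst", "Coordinator"}),
    protected_fields=frozenset({"Salary"}),
)

RECORDS = [  # constructed sample data
    {"Name": "A. Rivera", "Title": "Analyst", "Salary": 61000},
    {"Name": "B. Chen", "Title": "Vice President", "Salary": 240000},
    {"Name": "C. Okafor", "Title": "analyst", "Salary": 58000},  # case differs
    {"Name": "D. Novak", "Salary": 70000},                        # no Title
]

if __name__ == "__main__":
    for rec in RECORDS:
        print(PROFILE.visible_view(rec))
```

The last two records are the ones worth checking by hand during impersonation: a title that differs only in case and a record with no title, both of which this model withholds Salary from.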