Skip to main content

OrgChart Help Guide

Row Level Security Example

Audience

Audience: Administrators Edition: Enterprise

Overview

Row Level Security (RLS) profiles limit which field values a user can access on a row by row basis.

For example, you can restrict employee records from displaying any fields that are not specifically marked as Allowed.

The following article provides step-by-step instructions for configuring a basic RLS profile.

Configuring a Row-Level Security Profile

  1. Log in to OrgChart.

  2. Click on the Mode Switcher icon in the Top Toolbar, and then select the Setup option. The Setup panel is displayed.

    Setup_Account_Settings_Select.png

  3. Click on the Account Settings tile, and then click on the Security tab in the left side menu.

    5_2_2_Security_Panel_with_Arrow.png

  4. Click on the Create New Profile button (under the Row Level Security heading). The Security Configuration panel is displayed.

  5. Enter a name for the profile in the Name text box

  6. Optionally, enter a description of the RLS profile into the Description text box.

  7. Select the Allowed Fields option (in the Security Rules column).

    Note

    Note: When Allowed Fields is selected, only Fields added in the Fields section can be viewed. All other fields are restricted.

    When Restricted Fields is selected, the Fields added in the Fields section cannot be viewed. All other fields are allowed.

    Some fields cannot be restricted, such as PersonID and SupervisorID, as these fields are integral to structuring of the chart.

  8. Click on the 5_2_RoundPlus_icon.png icon to the right of the Fields heading.

  9. Select a Field from the dropdown menu. Selected fields are displayed in the Fields column (as shown in the screenshot below).

    5_2_RLS_Basic.png

  10. Click on Save.

  11. Assign this RLS profile to an Access Group. Reference the Row-Level Security article for instructions on how to assign an RLS profile to an Access Group.

Testing Permissions

Administrators can login as users with different levels of access to test permissions. Reference the Admin User Impersonation article for more information.

The following section tests the RLS profile configured above, which states employee records will display only the following Allowed fields: Department Name, Name, and Title.

Without Row Level Security
RLS_AllowedFields_PreSec.png
With Row Level Security
RLS_AllowedFields_SECAPPLIED.png