Creating Data Filter Policies

The Data Filter Policy is a SQL Select Statement written against an EmpowerID component or object type, such as a Person, that places limits on the number of objects of that type that can be viewed by someone with the policy. For example, one of the sample Data Filter Policies included with EmpowerID is a Data Filter for the Person object that only allows for the viewing of people in or below that person's location. This means, that if a person is located in London, for example, and has this Visibility Filter through some type of assignment, that person will only be able to see people in the London location (or locations below London).

This topic demonstrates how to create a Data Filter policy and is divided into the following activities:

To create a Data Filter Policy

  1. From the Navigation Sidebar, navigate to the Column Filter creation page by expanding Other and clicking Things to Do > Create > EmpowerID System Configuration > Create Data Visibility Filter.
  2. This opens the Filter Details form for the Data Visibility Filter.

  3. From the Assign Policy To drop-down, select the Actor type to whom you want to apply the policy. Actor types include the following:
    • Person - If you select this Actor type, the policy will be applied to a specific person.
    • Group - If you select this Actor type, the policy will be applied to a specific group. Each person who is a member of the group will receive the policy.
    • Business Role and Location - If you select this Actor type, the policy will be applied to a specific Business Role and Location. Each person who belongs to the Business Role and Location will receive the policy.
    • Management Role - If you select this Actor type, the policy will be applied to a specific Management Role. Each person who is a member of the role will receive the policy.
    • Management Role Definition - If you select this Actor type, the policy will be applied to a specific Management Role Definition. Each Management Role that is a child of the definition will receive the policy.
    • Query-Based Collection (SetGroup) - If you select this Actor type, the policy will be applied to a specific Business Role and Location. Each person who is a member of the collection will receive the policy.
  4. In the Assignee field that appears, do one of the following depending on the Actor type you selected.
    1. Type the name of the specific actor to whom you are assigning the policy and then click the tile for that actor to select it. For example, if you are assigning the policy to a Query-Based Collection (SetGroup), you type the name of the SetGroup in the field and then click tile for that SetGroup.
    2. If you selected Business Role and Location as the Actor type, click the Select a Role and Location link and in the Role and Location Selector that appears, search for and select a Business Role and Location and then click Select to close the selector.

  5. Type a name and description for the policy in the Name and Description fields, respectively.
  6. Type a numeric value to set the priority of the policy in the Priority field. This value determines which policy takes precedence for users who have more than one policy. The lower the number the higher the policy.
  7. Leave the value of the Mode field set as Default.
  8. Leave the Pre-Query field blank.
  9. In the Select Clause field, type the SQL statement for the filter that returns only those objects allowed by the filter. For example, if you are creating a filter that only allows Contractors to see other Contractors, you could write a query similar to the following example(depending on whether the Title field is used in your environment).
  10. SELECT PersonID FROM dbo.Person (NOLOCK) WHERE Title = 'Contractor'

    At this point, the Filter Details form should look similar to the following image (with variations for the selected options). In the image, we are creating a Data Filter policy that only allows people in the Contractors Query-Based Collection to see people in EmpowerID who have a Title attribute of Contractor.

  11. Click Save.

To test the Data Filter Policy

  1. Log out of the EmpowerID Web application and log back in as a user with the Data Filter policy.
  2. From the Home page of the Web application, search for any resource object restricted by the policy. For example, if you created a Data Filter policy that restricts the number of people that can be seen, search for people.
  3. You should see only those objects allowed by the filter. In the below image, we logged in as a user who has been assigned a Data Filter that only assignees to people who have a Title attribute of Contractor.