Skip to main content

OrgChart Help Guide

Restrict to Own Branch Example

Audience:

Audience: Administrators Edition: Enterprise

Overview

Branch Level Security (BLS) profiles limit a user's access to a specific subset of branches within a Master Chart.

For example, you can restrict a users' access to view only their branch.

The following article provides step-by-step instructions for configuring a Branch Level Security profile using the Restrict-to-Own Branch rule type.

Configuring a 'Restrict to Own Branch' BLS Profile
  1. Log in to OrgChart.

  2. Click on the Mode Switcher icon in the Top Toolbar, and then select the Setup option. The Setup panel is displayed.

    Setup_Account_Settings_Select.png
  3. Click on the Account Settings tile, and then click on the Security tab in the left side menu.

    5_2_2_Security_Panel_with_Arrow.png
  4. Click on the Create New Profile button (under the Branch Level Security heading). The Security Configuration panel is displayed.

  5. Enter a name for the profile in the Name text box.

  6. Optionally, enter a description of the BLS profile into the Description text box.

  7. Click on the 5_2_RoundPlus_icon.png icon to the right of the Rule Configuration heading.

  8. Select Restrict to own branch from the dropdown menu.

  9. Optionally, click on the + button to allow access to level(s) above the user assigned to this BLS profile.

  10. Click on the Field dropdown menu, and select the field used to restrict the branch.

    BLS_Restrict_to_Own_Branch_Example_5_3_1.png
  11. Click Save.

  12. Assign this BLS profile to an Access Group. Reference the Branch Level Security article for instructions on how to assign a BLS profile to an Access Group.

Testing Permissions

Administrators can login as users with different levels of access to test permissions. Reference the Admin User Impersonation article for more information.

The following section tests the 'Restrict to Own Branch' BLS profile configured above.

Without Branch Level Security
BLS_RTOB_PreSec.png
With Branch Level Security

The following screenshot is the result of the BLS profile when signed in as Archie Fry:

BLS_RTOB_Sec.png
Branch Pruning

Branch Pruning is a Branch Level Security option best used with the Restrict to Own Branch BLS profile.

Branch Pruning allows admins to restrict users to only view records that match the BLS profile criteria. For example, if a user should only see records that are in their own location, all other records will be removed, including managers that work in different locations. The following section provides step-by-step instructions for enabling Branch Pruning on a Restrict to Own Branch BLS profile.

Note

If employees work in different locations from their managers, this may result in disconnected branches.

  1. Follow steps 1-8 above to create a new Restrict to Own Branch BLS profile.

  2. Click on the Field dropdown menu, and then select the field used to restrict the branch (i.e. Location).

  3. Check the Restrict to Own Branch checkbox, and then click on Save.

    Branch_Pruning_Config.png
  4. Click Save.

  5. Assign this BLS profile to an Access Group. Reference the Branch Level Security article for instructions on how to assign a BLS profile to an Access Group.

Without Branch Pruning

The following screenshot is the result of a Restrict to Own Branch BLS profile that restricts the user to view records only in their location with Branch Pruning NOT enabled.

5_3_1_Branch_Pruning_OFF.png

Nathaniel is able to see Sam Jones, who does not share the same location as Nathaniel, becausee Sam Jones has direct reports that do share the same location as Nathaniel.

With Branch Pruning

The following screenshot is the result of a Restrict to Own Branch BLS profile that restricts the user Nathaniel Aden to view records only in their location (Saratoga) with Branch Pruning enabled.

5_3_1_Branch_Pruning_ON_example.png

Nathaniel is only able to see people in the chart that have his same location (Saratoga). Records that have this same location, but are not members of his branch, or that report to records that do not have the same location, are still searchable.