Restrict to Own Branch Example
Audience:
Audience: Administrators Edition: Enterprise
Overview
Branch Level Security (BLS) profiles limit a user's access to a specific subset of branches within a Master Chart.
For example, you can restrict a users' access to view only their branch.
The following article provides step-by-step instructions for configuring a Branch Level Security profile using the Restrict-to-Own Branch rule type.
Configuring a 'Restrict to Own Branch' BLS Profile
Log in to OrgChart.
Click on the Mode Switcher icon in the Top Toolbar, and then select the Setup option. The Setup panel is displayed.
Click on the Account Settings tile, and then click on the Security tab in the left side menu.
Click on the Create New Profile button (under the Branch Level Security heading). The Security Configuration panel is displayed.
Enter a name for the profile in the Name text box.
Optionally, enter a description of the BLS profile into the Description text box.
Click on the
icon to the right of the Rule Configuration heading.Select Restrict to own branch from the dropdown menu.
Optionally, click on the + button to allow access to level(s) above the user assigned to this BLS profile.
Click on the Field dropdown menu, and select the field used to restrict the branch.
Click Save.
Assign this BLS profile to an Access Group. Reference the Branch Level Security article for instructions on how to assign a BLS profile to an Access Group.
Testing Permissions
Administrators can login as users with different levels of access to test permissions. Reference the Admin User Impersonation article for more information.
The following section tests the 'Restrict to Own Branch' BLS profile configured above.
Without Branch Level Security
With Branch Level Security
The following screenshot is the result of the BLS profile when signed in as Archie Fry:
Branch Pruning
Branch Pruning is a Branch Level Security option best used with the Restrict to Own Branch BLS profile.
Branch Pruning allows admins to restrict users to only view records that match the BLS profile criteria. For example, if a user should only see records that are in their own location, all other records will be removed, including managers that work in different locations. The following section provides step-by-step instructions for enabling Branch Pruning on a Restrict to Own Branch BLS profile.
Note
If employees work in different locations from their managers, this may result in disconnected branches.
Follow steps 1-8 above to create a new Restrict to Own Branch BLS profile.
Click on the Field dropdown menu, and then select the field used to restrict the branch (i.e. Location).
Check the Restrict to Own Branch checkbox, and then click on Save.
Click Save.
Assign this BLS profile to an Access Group. Reference the Branch Level Security article for instructions on how to assign a BLS profile to an Access Group.
The following screenshot is the result of a Restrict to Own Branch BLS profile that restricts the user to view records only in their location with Branch Pruning NOT enabled.
Nathaniel is able to see Sam Jones, who does not share the same location as Nathaniel, becausee Sam Jones has direct reports that do share the same location as Nathaniel.
The following screenshot is the result of a Restrict to Own Branch BLS profile that restricts the user Nathaniel Aden to view records only in their location (Saratoga) with Branch Pruning enabled.
Nathaniel is only able to see people in the chart that have his same location (Saratoga). Records that have this same location, but are not members of his branch, or that report to records that do not have the same location, are still searchable.