Branch Level RLS Example
Audience:
Audience: Administrators Edition: Enterprise
Overview
Branch Level RLS allows Administrators to restrict access to certain fields for the branch of the assigned user. For example, you can restrict managers to view only the Salary data for themselves and their subordinates.
The following article provides step-by-step instructions for configuring a Conditional RLS profile using the Branch Level rule type.
Configuring a 'Branch Level' RLS Profile
Log in to OrgChart.
Click on the Mode Switcher icon in the Top Toolbar, and then select the Setup option. The Setup panel is displayed.
Click on the Account Settings tile, and then click on the Security tab in the left side menu.
Click on the Create New Profile button (under the Row Level Security heading). The Security Configuration panel is displayed.
Enter a name for the profile in the Name text box.
Optionally, enter a description of the RLS profile into the Description text box.
Click on the icon (to the right of the Security Rules heading). Conditional Rule 1 is added to the Security Rule column.
Click on the icon (to the right of the Definitions heading). The Conditional Definition Editor panel is displayed.
Click on the Rule Type dropdown menu, and then select the Not In option.
Click on the New Condition button.
Click on the Field dropdown menu, and then select the Switch to Branch Level option.
Click Save. The conditional definition is displayed in the Definition column.
Click on the icon (to the right of the Fields heading), and then select a Field from the dropdown menu.
Click Save.
Assign this RLS profile to an Access Group. Reference the Row-Level Security article for instructions on how to assign an RLS profile to an Access Group.
Testing Permissions
Administrators can login as users with different levels of access to test permissions. Reference the Admin User Impersonation article for more information.
The following section tests the Branch Level RLS profile configured above, which states employee records that are NOT IN the Self + Subordinates Branch Level of the assigned user do not display Budget or Salary.
Without Row Level Security
With Row Level Security
The following screenshot is the result of the Branch Level RLS when signed in as Pauline Dinh: