Metric rules
The metric rules section of the object security rules file defines which users and groups can see specific monitor context metrics.
The sample object security rules file contains two metric rules
sections.
- The first metric rule is written against the Application_Loan_Amount and Completed_Loan_Amount metrics of the Mortgage_Lending_BAM_MC monitor context.
- The second metric rule is written against the Actual_Fees and Loan_Officer metrics of the Automated_Loan_Setup_BAM_MC monitor context.
{
"ObjectSecurityArray": [
{
"ModelID": "MortgageLendingBAMShowcase",
"MetricRules": [
{
"MCID": "Mortgage_Lending_BAM_MC",
"MCMetricRules": [
{
"MetricIDs": [
"Application_Loan_Amount", "Completed_Loan_Amount"
],
"VisibleTo": {
"Users": ["RSmith", "PatrickL"]
},
"HiddenFrom": {
"UserDNs": ["uid=JaneDoe2,o=defaultWIMFileBasedRealm"],
"Groups": ["PayrollEmployees"]
}
},
]
},
{
"MCID": "Automated_Loan_Setup_BAM_MC",
"MCMetricRules": [
{
"MetricIDs": [
"Actual_Fees", "Loan_Officer"
],
"VisibleTo": {
"Users": ["RSmith", "PatrickL"]
},
"HiddenFrom": {
"UserDNs": ["uid=JaneDoe2,o=defaultWIMFileBasedRealm"],
"Groups": ["PayrollEmployees"]
}
}
]
}
]
}
]
}The attributes of the Metric section are described in the following
list:
- "MetricRules"
- A required attribute that signals the beginning of an array of metric rules for the model.
- "MCID":"monitor_context_ID"
- A required attribute that specifies the monitor context ID. The value can be up to 256 characters.
- "MCMetricRules"
- A required attribute that signals the beginning of an array of metric rules for the monitor context.
- "MetricIDs":"[metric_ID", "metric_ID" , "metric_ID" . . .]
- A required attribute that includes one or more metric IDs to which the rule applies.
- "VisibleTo":
- An attribute that includes the names of users and groups who have
permission to see the data.
VisibleTo is required if HiddenFrom is not specified; otherwise, it is optional.
- "HiddenFrom":
- An attribute that includes the names of users and groups who do
not have permission to see the data.
HiddenFrom is required if VisibleTo is not specified; otherwise, it is optional.
Use one or more of the following parameters as needed with VisibleTo and HiddenFrom.
When the object security rules file is imported, all users and groups
defined in the file are read:
- "Users": ["cn", "cn" . . .]
- A list of common names (CNs) of users.
- "UserDNs": ["dn", "dn" . . . ]
- A list of distinguished names (DNs) of users.
- "Groups": ["cn", "cn" . . .]
- A list of group CNs.
- "GroupDNs": ["dn", "dn" . . . ]
- A list of group DNs.
The following list describes how a user's visibility to a
metric depends on a combination of factors:
- If a user is included in the "VisibleTo" list, the user has access to the metric.
- If a user is not included in the "VisibleTo" list but a group to which the user belongs is included in the list, the user has access to the metric.
- If a user is not included in the "VisibleTo" list and none of the groups to which the user belongs is included in the "VisibleTo" list, that user does not have access to the metric.
- If all the groups to which a user belongs are included in the "HiddenFrom" list, the user does not have access to the metric, unless the user is explicitly included in the "VisibleTo" list.