Rules of Visibility
The Rules of Visibility that you create and modify in the Administration application define both the information that users are allowed to see and the operations that users are allowed to perform.
In InfoSphere® MDM, data-level entitlements refer to the ability of an end user to see information and to perform tasks according to constraints placed on the user and on the group the user belongs to. There are two types of data-level entitlements: Rules of Visibility and data persistency entitlements.
- Rules of Visibility allow you to define what elements and sub-elements users and user groups can see based on constraints that you define. For example, agents can only work with data for the parties associated with contracts that they service.
- Data persistency entitlements allow you to define the elements and sub-elements users and user groups can add and update based on constraints that you define. For example, tellers who are entry-level can view client data but cannot update it.
Because both are closely linked, there is no separation of Rules of Visibility and data persistency entitlements in the Administration application. Therefore, the Rules of Visibility that you create and modify in the Administration application define both the information that users are allowed to see and the operations that users are allowed to perform. If you want to administer these functions separately, you must customize Rules of Visibility and data persistency entitlements offline. For more information, see the developer topics.
A Rule of Visibility must include at least one data association and may also include one or more constraints. Data associations are groupings of related business objects and their elements. When linked to Rules of Visibility, they determine what data can be accessed and how it can be accessed. Constraints are a type of conditional statement that further refine Rules of Visibility by making data accessible only if certain parameters are met, for example: a given user group can only view contracts that are within their line of business and have a current cash value of less than one million dollars.
- InfoSphere MDM users are organized into one or more user groups. For information on creating user groups, see Creating a user group.
- Rules of Visibility are created with data associations and possibly constraints. For information on creating data associations, see Creating a data association. For information on creating Rules of Visibility, see Creating a rule.
- User groups are associated with one or more rules. For information on making these associations, see Associated Rules of Visibility and user groups.
- When users access the system, InfoSphere MDM determines which user group they are assigned to, and, in turn, which rules and constraints apply to them specifically.
- Users are then able to access certain tables and have the ability to view, update, or add data based on those rules and constraints.
The Rules of Visibility feature is a configurable option in InfoSphere MDM and can be universally enabled and disabled through a master setting. This setting is available during the InfoSphere MDM setup and cannot be accessed through the Administration application.
When the Rules of Visibility feature is enabled as an option, the default behavior is that users have no access to data unless access is explicitly granted. Therefore, if you want users and user groups to be able to view and manipulate data, you must create the appropriate Rules of Visibility. When you create a Rule of Visibility, you are defining parameters for accessing data in the system. In addition to naming the rule and giving it a description, you can define both the data associated with that rule and the constraints placed on the data.
For existing Rule of Visibility in the system, you can view such details as rule attributes, rule data, and rule constraints. In the Rules module, you can edit the attributes, associated data, and constraints of existing Rules of Visibility.
When you no longer want to use an existing Rule of Visibility, you can terminate it. Terminating a Rule of Visibility disables the permissions and restrictions it places on end users and applies an end date to the rule in the database table.