Defining data security groups

Data security groups are used to control access to the data contained in specific document types, Enterprises, and ship nodes within the Sterling Order Management Console.

Creating a data security group is an optional process. If a user is not associated with a data security group, that user is considered to have the least restrictive access, or default access. By defining a data security group, you can further restrict the access to any Enterprises or document types or participating ship nodes that are a subset of the default access list.

The default access list for document types is based on the document types associated with a particular business module.

There is no default access list for ship nodes. By default, a data security group has access to all the ship nodes.

The default access list for Enterprise access is based on the type of user for which the data security group is defined. Only Hub, Enterprise, and Enterprise/Hub Node users can create data security groups, as described in the following table:

Table 1. Default access list
User Default Enterprise Access List Can be Further Filtered by Data Access Group?
Hub All Enterprises in the system. Yes
Enterprise All Enterprises that are children Enterprises of the Enterprise you are configuring. Yes
Enterprise/Hub Node Users All Enterprises with which the node organization participates. Yes
All Other Users All Enterprises with which the organization participates. No

You can define a data security component for data security groups in the service definition framework to enable the groups to secure data based on your data security policies. For more information about data security components, see Section C.2.11, "Data Security".