Organization and geography

You can restrict user access to records based on the relationship between individual records and Organization and Geography. The definition of a group in the Security Manager includes the System Organization and System Geography fields in the Data Access section of the General tab.

Most business objects have a field that is named OrgName and a field that is named Geography Name. These fields are in the business object's General section. These fields are automatically supplied by the IBM TRIRIGA Application Platform. Because the platform automatically adds these fields, they do not appear in the Data Modeler. They do appear in the Form Wizard as part of the layout.

The OrgName field can have as its value any Organization record. The GeographyName field can have as its value any Geography record. The Geography hierarchy and the Organization hierarchy can be accessed in the Portfolio menu.

A new record inherits the System Organization and System Geography values of the currently logged in user as default values. For example, if Sam is logged in and has the values ZetaBank and US for these fields in his My Profile record, then most new records he creates have these values by default.

By default, many dependent child records inherit their System Organization and System Geography values from their parent records. For example, a new clause in a real estate contract inherits from the parent contract.

If a record's System Organization field has a value, the value of the field may restrict the users that can access the record. Users can access a record if they are a member of at least one security group that contains a System Organization value that is the same as or higher in the hierarchy than the organization contained in the record's System Organization field.

If a record's System Geography field has a value, the value of the field may restrict the users that can access the record. Users can access a record if they are a member of at least one security group that contains a System Geography value that is the same as or higher in the hierarchy than the geography contained in the record's System Geography field.

Attention: The logged in user's System Organization and System Geography values do not control any access rights. It is the security groups that the user is a member of that control access rights.

It is possible for a record to not have a value for the System Organization or System Geography fields. If a record's System Organization field has no value, the record is treated as though the value is \Organizations. If a record's System Geography field has no value, the record is treated as though the value is \Geography.

The following table summarizes the relationship between a record's System Organization field and a group's System Organization field.

Table 1. Relationship between a record's System Organization field and a group's System Organization field
  Record

System Organization is blank

Record

System Organization is \Organizations

Record

System Organization is NOT blank

Group

System Organization is blank

User in group DOES see record in queries and forms User in group DOES NOT see record in queries or forms User in group DOES NOT see record in queries or forms
Group

System Organization is \Organizations

User in group DOES see record in queries and forms User in group DOES see record in queries and forms User in group DOES see record in queries and forms
Group

System Organization is not blank

User in group DOES see record in queries, but does NOT see record in forms

Note: In UX apps, records shown to users are records in queries
User in group DOES NOT see record in queries or forms User in group DOES see record in queries and forms if the value in the group System Organization is at the same hierarchy level as or at a higher level than the value in the record System Organization

The following table summarizes the relationship between a record's System Geography field and a group's System Geography field.

Table 2. Relationship between a record's System Geography field and a group's System Geography field
  Record

System Geography is blank

Record

System Geography is \Geography

Record

System Geography is NOT blank

Group

System Geography is blank

User in group DOES see record in queries and forms User in group DOES NOT see record in queries or forms User in group DOES NOT see record in queries or forms
Group

System Geography is \Geography

User in group DOES see record in queries and forms User in group DOES see record in queries and forms User in group DOES see record in queries and forms
Group

System Geography is not blank

User in group DOES see record in queries, but does NOT see record in forms

Note: In UX apps, records shown to users are records in queries
User in group DOES NOT see record in queries or forms User in group DOES see record in queries and forms if the value in the group System Geography is at the same hierarchy level as or at a higher level than the value in the record System Geography

After you add, update, or delete a System Organization or a System Geography, clear the Security Scope cache in the Administrator Console. For more information about the Administrator Console, see the IBM TRIRIGA Application Platform: Administrator Console User Guide.