Record security filters control access to records in a repository. Records that match the record security filter's search conditions will be available to the specified user groups. The filters are created based on the profile definition and assigned to a repository's users and groups. The filters are created for a profile, then assigned to a user group to control how the group's users access a repository based on that profile. It is possible to assign a record security filter to a user instead of to a group, but it is strongly recommended that you assign it a group instead.
To create or edit a record security filter:
- Log into the Classic UI as an administrator.
- Open the Record Security Filters list by opening the Feature bar, opening Security Filters, and selecting Record Security Filters.
- Open the Record Security Filter editor:
- To create a new record security filter, open the Action dropdown menu and select New.
- To edit an existing record security filter, select the filter, open the Action dropdown menu and select Edit. The Record Security Filter editor will appear.
- If the record security filter is new, a dropdown will appear listing all the profiles defined in the system. Select the profile of the repository you want to apply the record security filter to, then click Next.
- The Record Security Filter Details page will appear. Edit the fields as
desired:
- Name: (Required) The name of the record security filter.
- Description: A description of the record security filter.
- Profile: The profile this record security filter is based on. This cannot be edited.
- Repository: Use the dropdown to select the repository this record security filter can be applied to.
- Record Security Filter Conditions: This section displays a
list of conditions that must be met in order for the user group to
be able to access the record. To add a condition:
- Click Add, select the attribute whose value will be checked, and click OK.
- Order: The order to apply the filter conditions.
- Search Value: The attribute value to be searched for in the indicated attribute.
- Search Type: The comparison that will be used to evaluate the attribute's value.
- Search Value: The value the attribute's value will be compared against.
- Category: If you select a value from the Category dropdown, it will display a set of values specific to the user, such as the username, group name, or company name. If you select a value, it will be used for the Search Value. For example, you could specify that the user must belong to a particular user group.
To delete a condition, select the condition and click Remove.
- Search Any Conditions (OR): If any of the conditions are met, make the record accessible.
- Search All Conditions (AND): All conditions must be met for the record to be accessible.
- Click Save.
- Record security filters are securable objects and must be made accessible to the groups that need to access it. To define or update a record security filter's security, see Define Access to Securable Objects.