Scenario 4: Customer access to an internal database using a common folder
This scenario illustrates customer access to an internal HCL Compass database using a common folder in the Public Queries folder.
In this scenario, a collection of queries and charts is relevant to all customers who access an internal Compass database. It would be convenient to store these queries and charts in a common folder that all customers can access, while ensuring that the customers do not know about one another. The queries are designed to return a list of active issues specific to the customer who runs them.
It is important to understand that workspace folder permissions do not restrict a user's ability to create personal queries and access the records that these queries return. Additional schema properties are needed to ensure that the queries in the common folder only return issues specific to the customer who runs them. One way to hide records from specific customers is to use the Compass security context feature.
This scenario assumes the following prerequisites:
- Multiple customers are granted access to an internal Compass database as outlined in Scenario 3: Customer access to an internal database using Public Queries folder queries.
- A schema that implements the appropriate record security is used.
The Security Administrator performs the following steps.
- Creates a folder for all customers to share, for example, Common, and grants Read-Limited permission to each customer group on the Common folder.
- Grants No-Access permission to the Everyone group on the Common folder.
- Grants Read-Only permission to each customer group on the Common folder.
- Optionally, grants Read-Only or Read-Write permission to appropriate internal groups on the Common folder.
Result: Because No-Access permission is granted to the Everyone group, only groups that are granted Read-Only permission can see the content of the Common folder. A user who has Read-Limited permission on the parent folder cannot see the Common folder unless Read-Limited, Read-Write, or Read-Only permission is granted to the user on this folder.