Author Topic: OD Query Restriciton (Read 4830 times)

waytec · « **on:** January 26, 2009, 01:42:26 PM »

Which is the best location to restrict access to data using a Query Restricition, AG level or Group level? Thanks

Justin Derrick · « **Reply #1 on:** January 27, 2009, 08:04:29 AM »

Sadly, the best answer is, "The one that meets your needs."

I use them at the Group level, because it's easy to add and remove users from Groups -- AND, that functionality can be delegated to someone who is responsible for the group, meaning fewer support calls or requests to tweak user permissions.

-JD.

waytec · « **Reply #2 on:** January 27, 2009, 08:28:13 AM »

Thanks for the input JDerrick. Its good to get a reponse on the forum so quickly. I usually read the forum every month or so becuase its hardly posted to. Anyway, Thanks again.

Justin Derrick · « **Reply #3 on:** February 05, 2009, 01:48:48 PM »

You're very welcome, Wayne...

I try to check the mailing list and board at least once a day. You can bookmark the page entitled 'Show unread posts since last visit', which helps streamline your reading -- it only shows you the new posts or replies since the last time you logged in.

-JD.

waytec · « **Reply #4 on:** February 05, 2010, 01:22:21 PM »

Since this origianl post I have implemented a good number query restrictions throughout our CMOD enviroment and all are working fine. But do to the nature of some of the data our Audit departments is requesting a report showing which users were restricted from querying which data. Does anyone know if Ondemand records any data regarding the restrictions? All input is greatly appreciated.

Justin Derrick · « **Reply #5 on:** February 07, 2010, 09:45:11 AM »

Query restrictions aren't so much about denying access to documents as it is never showing them the ones they can't access. Your auditors are probably looking for a 'smoking gun' of a user who tried to access something and was denied -- this doesn't happen, because the documents they're restricted from opening are never displayed in the hitlist.

If you need to provide SOMETHING to the auditors, show them the query restriction and the list of users who are subject to it. This is especially useful if the query restriction is written as "branchno=1234" instead of "branchno!=5678" -- the first selects ONLY what they can see. The second prevents them from seeing something, but allowing everything else.

When writing query restrictions, I try to write them in such a way that "That which is not expressly permitted is forbidden." That's how my friends describe driving in Montreal.

Good luck with the audit!

-JD.

OnDemand User Group

News:

Author Topic: OD Query Restriciton (Read 4830 times)

waytec

OD Query Restriciton

Justin Derrick

Re: OD Query Restriciton

waytec

Re: OD Query Restriciton

Justin Derrick

Re: OD Query Restriciton

waytec

Re: OD Query Restriciton

Justin Derrick

Re: OD Query Restriciton