Overview
This functionality enables the creation of policy field sets, which can be assigned to custom fields throughout your instance.
Subsequently, you can establish security policies and associate them with your policy field sets to regulate the visibility of field data across the entire instance.
This facilitates the application of data access policies on a global scale, particularly if you have data sensitivity classifications that apply across entire field sets.
These policies are enforced at the lowest level of security, ensuring that data visibility is managed according to each field's categorization and policy, as well as the access level of the end user, regardless of the access point—be it the object itself, a list view, or a report.
Configuration - Essentials
The configuration process for Policy Field Sets and Policies comprises the following steps:
- Creating Policy Field Sets
- Creating Data Policies
- Linking Policy Field Sets and Policies
- Adding Policy Field Set to Custom Fields
Creating Policy Field Sets
- Navigate to Global Settings - Security tab.
- Select the Policy Field Sets link to access the Policy Field Set Settings page.
- Click the "New Policy Field Set" button.
-
You will be directed to the New Policy Field Set Settings page,
which
includes the following settings:
- ID: a unique ID automatically generated upon saving
- Name: the name used to identify the policy field set
- Description: a description for the field set
- Type: select either Security or Data Retention
- Data Mask
- Complete the settings and click Save.
-
The Policy Field Set Settings page will refresh, revealing three
additional tabs:
- Standard Fields
- Custom Fields
- Linked Policies
NOTE: If you return to the Policy Field Set Settings page, the field set will be listed, accompanied by an Edit button to facilitate updates.
Creating Data Policies
- Navigate to Global Settings - Security tab.
- Select the Data Policies link to access the Data Policy Settings page.
- Click the "New Data Policy" button.
-
You will be directed to the New Data Policy Settings page, which
comprises the following settings:
- ID: a unique ID automatically generated upon saving
- Name: the name used to identify the policy
- Description: a description for the policy
-
Policy Type: select either Security or Data Retention
- Additional settings will be displayed based on the selected policy type
- Include Roles: a lookup to select the roles to which the policy should apply
- Complete the settings and click Save.
- The Policy Field Set Settings page will refresh, and the Linked Policy Field Sets tab will also be revealed.
Security Data Policies
-
Selecting the security policy type will display the Action field,
with the following options:
- Edit
- Edit (by Owner Only)
- Read
- Delete
- Forbidden
- View Encrypted Data
- Hide Data In Emulation Mode
NOTE: If you return to the Data Policy Settings page, the category will be listed, along with an Edit button to allow for updates.
Data Retention Data Policies
-
Selecting the data retention policy type will reveal the following
options:
- Action
- Entity
- Trigger After
- Date Field to Compare
Linking Policy Field Sets and Policies
When editing a Policy Field Set, you can link the current category with an existing Data Policy by navigating to the Linked Policies tab.
When editing a Data Policy, you can link the current policy with
an existing
Policy Field Set by navigating to the Linked Policy Field Sets tab.
The functionality for both tabs is identical and is as follows:
- Begin typing the name of the Data Policy or Policy Field Set into the Ajax lookup field and select from the returned results.
- Click the Add button.
- The policy/field set will now be listed under the Linked tab.
Adding Policy Field Set to Custom Fields
Navigate to the Policy Field Set tab, which is accessible from all Custom Fields settings pages (and specific Standard Fields for Users), and begin typing the name of the Policy Field Set into the Ajax lookup field. Select from the returned results.
The policy/category will now be listed under the Policy Field Set tab.
The custom field will also be displayed under the Custom Fields tab for the associated Policy Field Set.