Your organization has customers in the European Union and other countries. You must implement the General Data Protection Regulation (GDPR) to ensure that only EU data stewards have access to the records of European Union citizens. You have other data stewards who have access to the records of non-European Union citizens. In this example, the customer data includes a GDPR field.
The following table summarizes the requirements for role access based on the value of the GDPR field:
GDPR Value in Data
DataSteward-EU Role
DataSteward-NonEU Role
GDPR="true"
Allow access
Deny access
GDPR="false"
Deny access
Allow access
The following process outlines one way to implement the GDPR example:
In the Hub Console, create the following user roles: DataSteward-EU and DataSteward-NonEU.
Grant all permissions to each role for the Customer base object tables, child tables, lookup tables, and cleanse functions.
In the Provisioning tool, open the Customer business entity.
Create a field filter for the GDPR field.
Create a deny rule, and set the value to true and the role to DataSteward-NonEU.
This rule translates to "When GDPR is selected, don't allow the non-EU data stewards to access the records."
In the Remaining Values rule, set the role to DataSteward-EU.
This rule translate to "When GDPR is not selected, don't allow the EU data steward to access the records."