By default, a user that belongs to multiple roles can access child records or grandchild records based on the combined data security filters.
For example, consider a data security model in which the user belongs to the role 'Sales Manager NY' and the role 'Car Sales Manager NJ'.
The role 'Sales Manager NY' has the following data security filters:
Filter 1: State Code is 'NY'.
Filter 2: Phone Type is 'Business' or 'Home'.
The role 'Car Sales Manager NJ' has the following data security filters:
Filter 1: State Code is 'NJ'.
Filter 2: Car Year is '2009'.
Consider a scenario where the database has a primary object record for John Smith. John has billing addresses with state code values of 'NY', 'NJ', and 'TX'. John has phone numbers with phone type values of 'Business' and 'Facsimile'. John has a car produced in the year 2009, and a car produced in the year 2001. The user with the role 'Sales Manager NY' and the role 'Car Sales Manager NJ' sees the following information:
The user sees the NY and NJ billing addresses because the State Code filter is configured for both roles.
If the attribute 'affectFilter' for 'securityValue' is
false
, the user sees phone numbers for all phone types, and car records for all years. Informatica Data Director (IDD) does not apply the data security filters for the phone type or the car year because these filters are not configured for both roles.
If the attribute 'affectFilter' for 'securityValue' is
true
, the user sees the phone numbers for the 'Business' phone type and car data for the year 2009. IDD applies all data security filters that are configured for each role. The default of the attribute 'affectFilter' is