When you create a node filter for a business entity, you control access to the parent record when the node has no child records. For example, if a customer record has no address associated with it, you might allow users with the DataSteward-Global role permission to view the parent record, while users with any other data steward role cannot view it.
Before you create node filters, decide how you want to manage rules. You can define rules in terms of who is denied access, who is allowed access, or both. Familiarize yourself with the behaviors of each approach and create an overall plan. For maintenance purposes, it can be more straightforward to use only one type of rule.
Avoid creating an excessive number of filters. The more filters, the longer it takes to process search requests. If you have performance issues after adding filters, consider reducing the number of filters.
Deny rules only
Deny rules are joined by a logical OR. If you define only deny rules for a node filter, the following behaviors apply:
When a user role is not assigned to any deny rules, the user can see any parent record.
When a user role is assigned to all deny rules, the user cannot see any parent record.
When a user role is assigned to one deny rule, and there is no child record for the node, the user cannot see the parent record.
When a user role is assigned to multiple deny rules, and at least one child record exists that satisfies the rule, the user cannot see the parent record.
When a user role is not assigned to any deny rules, but one or more deny rules have the Apply this rule option selected, the user cannot see the parent record if a record satisfies any of these rules.
Allow rules only
Allow rules are joined by a logical AND. If you define only allow rules for a node filter, the following behaviors apply:
When a user role is not assigned to any allow rules, the user cannot see any parent record.
When a user role is assigned to all allow rules, the user can see any parent record.
When a user role is assigned to one allow rule, and there is no child record for the node, the user can see the parent record.
When a user role is assigned to multiple allow rules, and all the rules are satisfied, the user can see the parent record.
When a user role is assigned to multiple allow rules, and any of the rules are not satisfied, the user cannot see the parent record.
When a user role is not assigned to any allow rules, but one or more allow rules have the Apply this rule option selected, the user can see the record if all the rules are satisfied.
Both deny and allow rules
If you define both deny rules and allow rules for a node filter, the following behaviors apply:
If a user role is not assigned to any deny rules or allow rules, the user cannot see any parent records.
If a user role is assigned to one or more deny and allow rules, and a record satisfies any of the deny rules, the allow rules are ignored and the user cannot see the parent record.
If a deny rule is not satisfied, the allow rules are processed as described in the Allow rules only section.
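The evaluation order for a node filter that has both deny and allow rules can be checked against a plan before any filter is created. The following Python model is an added example, not the product's code. Assumptions: the Rule class, its field names, the DataSteward-EU and DataSteward-APAC roles and the address values are constructed; a rule counts as satisfied when at least one child record matches it or when the node has no child records; the Apply this rule option is not modelled.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:                          # hypothetical model of one node-filter rule
    kind: str                        # "deny" or "allow"
    roles: frozenset                 # user roles the rule is assigned to
    matches: Callable[[dict], bool]  # condition tested against one child record

def satisfied(rule, children):
    # Assumption: with no child records the rule takes effect
    # (a deny rule blocks the parent, an allow rule permits it).
    return not children or any(rule.matches(c) for c in children)

def can_view_parent(role, rules, children):
    """Visibility of a parent record under a filter that has deny and allow rules."""
    mine = [r for r in rules if role in r.roles]
    if not mine:
        return False                 # role on no rule: no parent record is visible
    # Deny rules are joined by OR and win over every allow rule.
    if any(satisfied(r, children) for r in mine if r.kind == "deny"):
        return False
    allow = [r for r in mine if r.kind == "allow"]
    # Allow rules are joined by AND; a role on no allow rule sees nothing.
    return bool(allow) and all(satisfied(r, children) for r in allow)

# Constructed filter on an Address child node; only DataSteward-Global is from the page.
RULES = [
    Rule("deny", frozenset({"DataSteward-EU"}), lambda a: a["country"] == "US"),
    Rule("allow", frozenset({"DataSteward-EU", "DataSteward-Global"}), lambda a: a["verified"]),
    Rule("allow", frozenset({"DataSteward-EU"}), lambda a: a["country"] == "DE"),
]

if __name__ == "__main__":
    cases = {
        "no address": [],
        "DE only": [{"country": "DE", "verified": True}],
        "DE and US": [{"country": "DE", "verified": True}, {"country": "US", "verified": True}],
    }
    for label, children in cases.items():
        for role in ("DataSteward-EU", "DataSteward-Global", "DataSteward-APAC"):
            print(f"{label:10} {role:20} visible={can_view_parent(role, RULES, children)}")
```

Running the model over each role in a planned filter shows which roles lose access when a record has no child records, which is the case a node filter is meant to control.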
Multiple node filters exist for the same business entity
When a user role is assigned to more than one node filter, the following behaviors apply:
If a deny rule is satisfied in any of the node filters, the user cannot see the parent record.
If a deny rule is not satisfied among the node filters, the allow rules are processed as described in the