02c. Realm-Based Security

Last modified by Ross Beck on 06/11/2025, 14:23

Configuring realm-based security provides complete control over the records users are permitted to access on the system. Users are not made aware of their realm status or of any records that exist outside the realms they are currently a part of.

Realms are defined using saved queries that can be combined to ensure only the relevant data is visible to the relevant users. Once the realm has been associated with a user group, all users in that group are granted access only to the realm’s search results.

Please note that the queries used to define a realm are applied at runtime, so any changes take effect immediately. Realms are applied cumulatively: if a user is part of multiple groups that have multiple associated realms, the user will be able to view the records from all related realms.

Users granted administrator privileges have access to all records in an Index, regardless of realm configuration.

Realm Setup

Before realms can be used, they must be enabled by the system administrator.

Navigate to the Realms Setup page by clicking Setup, Security then Realm Configuration and enable the Realm Based Security option to activate the feature.

As an added security measure, there are a number of options to prevent unauthorised access by users that have not yet been associated with a realm.

The Default Realm Access drop-down list sets the behaviour of the System Default option in the Default Realm Access drop-down list shown when creating an Index. Selecting Open will result in new Indexes being visible to all users, while selecting Closed will ensure they are only visible when explicitly set as part of a realm.

Index Default Realm Access

The Index Default Realm Access option provides a number of lists to further configure data segregation.

The Open list will contain all Indexes that have been specified as Open from the Index screen Default Realm Access drop-down list. Individual entries can be moved to the Closed list to allow a customisable number of Indexes to remain Open.

There are also two additional lists that directly relate to the build options specified when creating the indexes on the system. The System Default list contains all Indexes that have had the Default Realm Access drop-down list specified as System Default from the Index screen.

The Sensitive list will contain every Index that has had the Sensitive build option enabled. This results in Closed realm access for the Index, and is designed as an extra security measure to prevent newly created Indexes becoming accidentally visible.

Click Modify Settings to apply any changes, or Cancel to discard any changes.

Creating a Realm

Realms are created by constructing one or more saved queries containing all of the records a group of users are able to view. Please refer to the Query chapter for detailed information regarding the different methods available when building a set of search results, specifically the Username Searches section if user-specific filtering is required.

Navigate to the Realms screen by clicking Setup, Security then Realms.

Details

Enter a unique name in the Name text box and click the Select Reports button. Select the required saved queries and click the Selected Reports tab. After ensuring the correct queries have been selected, click Add to Realm.

The selected queries will now be listed in the Realms screen. Use the drop-down list below the Select Reports button to manage selections, or click the X icon to remove individual entries.

If multiple queries will be used to define a realm, choose the required Boolean operator from the Combine As radio buttons. Selecting And will return only the records that match all selected queries, while OR will return records that match at least one of the selected queries.

Setting the Restrict Display Fields option to Restricted limits the individual columns a user has access to within an Index; they will only have access to the columns that have been saved in the query that denotes the realm. If set, the Effective From and Effective To options specify when the realm will be active. Users will only be able to access the data between the dates specified.

The All Indexes option ensures that saved queries that specify a field will be applied across all Indexes, regardless of whether the field is present. For queries that do not reference a field, such as a wildcard search, the realm will automatically be applied to all Indexes with this option disabled.

Groups

Realms are applied to Groups and not individual Users. 

Existing groups are displayed in the Available Groups list and groups that will be impacted by the realm are displayed in the Allocated Groups list. Use the Left and Right arrows to move selected groups between the two lists.

To complete the process, click Create Realm. To discard any changes made, click Cancel.
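
The following sketch is an added example, not code from the product: a small Python model of how the settings above combine, covering the Combine As operator, the Effective From/To window, group allocation, the cumulative rule for users in several groups, and the administrator bypass. The class and function names, the sample records and the group names are constructed, and it assumes a single Closed Index, inclusive date bounds, and that a realm with no queries grants nothing.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Realm:
    name: str
    queries: list                       # predicates standing in for saved queries
    combine_as: str = "OR"              # "AND": match all; "OR": match at least one
    groups: frozenset = frozenset()     # Allocated Groups
    effective_from: Optional[date] = None
    effective_to: Optional[date] = None

    def active(self, today: date) -> bool:
        # Assumption: both bounds are inclusive and an unset bound is open-ended.
        return ((self.effective_from is None or today >= self.effective_from)
                and (self.effective_to is None or today <= self.effective_to))

    def matches(self, record: dict) -> bool:
        if not self.queries:            # assumption: an empty realm grants nothing
            return False
        hits = [q(record) for q in self.queries]
        return all(hits) if self.combine_as == "AND" else any(hits)

def visible_records(records, realms, user_groups, today, is_admin=False):
    """Union of every active realm allocated to any of the user's groups."""
    if is_admin:                        # administrators bypass realm filtering
        return list(records)
    mine = [r for r in realms if r.groups & set(user_groups) and r.active(today)]
    return [rec for rec in records if any(r.matches(rec) for r in mine)]

# Constructed sample data for one Closed Index.
RECORDS = [{"id": 1, "site": "North", "dept": "Cardiology"},
           {"id": 2, "site": "North", "dept": "Oncology"},
           {"id": 3, "site": "South", "dept": "Cardiology"},
           {"id": 4, "site": "South", "dept": "Oncology"}]
north = lambda r: r["site"] == "North"
south = lambda r: r["site"] == "South"
cardio = lambda r: r["dept"] == "Cardiology"
REALMS = [
    Realm("north-cardio", [north, cardio], "AND", frozenset({"ward-staff"})),
    Realm("north-or-cardio", [north, cardio], "OR", frozenset({"auditors"})),
    Realm("temp-south", [south], "OR", frozenset({"locums"}),
          date(2025, 1, 1), date(2025, 3, 31)),
]

def ids(groups, today=date(2025, 2, 1), is_admin=False):
    return [r["id"] for r in visible_records(RECORDS, REALMS, groups, today, is_admin)]

if __name__ == "__main__":
    print(ids(["ward-staff"]), ids(["ward-staff", "locums"]))
```

Because realms are cumulative, adding a user to a further group can only widen what they see; in this model a member of both ward-staff and locums sees the union of both realms until the temp-south window closes.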

Managing Created Realms

Saved realms are displayed on the Realms screen. Under the options column, click the Run icon to build the associated Indexes and Data Sources, the Edit icon to modify the realm settings and the X icon to delete the realm.

Realms Validation

The Realms Validation page allows each realm to be tested to ensure only the correct results are returned. Click Setup, Security then Realms Validation to access this functionality.

Select the relevant Index to test from the Index drop-down list and enter the test query in the Query textbox. Click Search to perform the query with the relevant realm configuration.

The table below will list each associated realm along with the number of Matches and Mismatches.