Securing Accounts Based On Region

Assume that accounts are classified as belonging to one of the following regions:

  • Northwestern
  • Northeastern
  • Southwestern
  • Southeastern

Assume the following company hierarchy exists:

This illustrates the company hierarchy for the Northwestern, Northeastern, Southwestern, and Southeastern regions. Senior Management has access to all customers, the Northern Division Management has access to all customers in the Northwestern and Northeastern divisions, and the Southern Division Management has access to all customers in the Southwestern and Southeastern divisions. Each user region group has access to the appropriate division in the region.

  • Senior Management has access to all customers
  • Northern Division Management has access to all customers in the Northwestern and Northeastern divisions.
  • Southern Division Management has access to all customers in the Southwestern and Southeastern divisions.
  • Northwestern Users have access to all customers in the Northwestern division.
  • Northeastern Users have access to all customers in the Northeastern division.
  • Southwestern Users have access to all customers in the Southwestern division.
  • Southeastern Users have access to all customers in the Southeastern division.

The following diagram illustrates the access groups and data access roles required to implement these requirements:

The diagram illustrates the access groups and data access roles required to implement accounts classified into the Northwestern, Northeastern, Southwestern, and Southeastern regions.

Notice the following about the above:

  • There are 4 access groups because access to accounts is based on the region in which they are located (and there are 4 regions).
  • There are 7 data access roles because each component of every layer of the access hierarchy requires a separate data access role.