5.3.2 Creating Business Domain

Business domains are used for data access controls similar to jurisdiction but have a different objective. The business domain can be used to identify records of different business types (for example, Private Client vs. Retail customer), or to provide more granular restrictions to data such as employee data. The list of business domains in the system resides in the KDD_BUS_DMN table. Behavior Detection tags each data record provided through the Data Management to one or more business domains. Behavior Detection also associates users with one or more business domains in a similar fashion. If a user has access to any of the business domains that are on a business record, the user can view that record.

The business domain field for users and data records is a multi-value field. For example, you define two business domains:

• a: Private Client
• b: Retail Banking

A record for an account that is considered both has BUS_DMN_SET=ab. If a user can view business domain a or b, the user can view the record. You can use this concept to protect special classes of data, such as data about executives of the firm. For example, you can define a business domain as e: Executives.

You can set this business domain with the employee, account, and customer records that belong to executives. Thus, only specific users of the system have access to these records. If the executive’s account is identified in the Private Client business domain as well, any user who can view Private Client data can view the executive’s record. It is important not to apply too many domains to one record.