Securing Accounts Based On Region
Assume that accounts are classified as belonging to one of the following regions:
- Northwestern
- Northeastern
- Southwestern
- Southeastern
Assume the following company hierarchy exists:
![The figure illustrates the structure of an organization.](../images/28AccountSecurity004.jpg)
- Senior Management has access to all customers.
- Northern Division Management has access to all customers in the Northwestern and Northeastern divisions.
- Southern Division Management has access to all customers in the Southwestern and Southeastern divisions.
- Northwestern Users have access to all customers in the Northwestern division.
- Northeastern Users have access to all customers in the Northeastern division.
- Southwestern Users have access to all customers in the Southwestern division.
- Southeastern Users have access to all customers in the Southeastern division.
The following diagram illustrates the access groups and data access roles required to implement these requirements:
![The figure illustrates how you can provide controlled access to different entities using the access group and data access role.](../images/28AccountSecurity006.jpg)
Note the following about this design:
- There are 4 access groups because access to accounts is based on the region in which they are located (and there are 4 regions).
- There are 7 data access roles because each component of every layer of the access hierarchy requires a separate data access role.
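
The following Python model is an added example, not part of the original page or any product's own configuration. It derives the data access roles and access groups from the hierarchy above, answers access checks with default deny, and flags any role linked to an access group outside its part of the hierarchy. The role and group names are assumptions (roles are named after the hierarchy nodes, groups after the regions), as is the rule that a role grants access to every account in the access groups linked to it.

```python
# Added illustration. Role/group names are assumptions, not product identifiers.
# Company hierarchy from the page: node -> direct reports.
HIERARCHY = {
    "Senior Management": ["Northern Division Management",
                          "Southern Division Management"],
    "Northern Division Management": ["Northwestern Users", "Northeastern Users"],
    "Southern Division Management": ["Southwestern Users", "Southeastern Users"],
    "Northwestern Users": [], "Northeastern Users": [],
    "Southwestern Users": [], "Southeastern Users": [],
}
# Each user team works exactly one region; each region is one access group.
LEAF_GROUP = {
    "Northwestern Users": "Northwestern", "Northeastern Users": "Northeastern",
    "Southwestern Users": "Southwestern", "Southeastern Users": "Southeastern",
}

def build_roles(hierarchy, leaf_group):
    """One data access role per hierarchy node, linked to the access
    groups of every region found beneath that node."""
    def groups_under(node):
        if node in leaf_group:
            return {leaf_group[node]}
        groups = set()
        for child in hierarchy[node]:
            groups |= groups_under(child)
        return groups
    return {node: groups_under(node) for node in hierarchy}

def can_access(roles, user_roles, account_group):
    """Default deny: allow only if one of the user's roles is linked to the
    account's access group. Unknown roles grant nothing."""
    return any(account_group in roles.get(r, set()) for r in user_roles)

def over_privileged(configured, hierarchy, leaf_group):
    """Compare a configured role->groups mapping with the one the hierarchy
    implies; return the extra groups per role (least-privilege drift)."""
    expected = build_roles(hierarchy, leaf_group)
    drift = {}
    for role, groups in configured.items():
        extra = groups - expected.get(role, set())
        if extra:
            drift[role] = sorted(extra)
    return drift

ROLES = build_roles(HIERARCHY, LEAF_GROUP)
ACCESS_GROUPS = set().union(*ROLES.values())
```

Running `over_privileged` against an export of the live role-to-group links is a quick audit for roles that have accumulated regions they should not see.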