Data Access Group Access
This feature allows access to group client configuration, group account configuration and/or policies to be restricted.
Note that:
-
all three, group client, group acccount and policies can be assigned to a data access group
-
there is no inheritance; if a group client is assigned to a data access group, then the group’s configuration is protected but the access restriction will not extend to the group accounts that belong to that group client; if a group account is assigned to a data access group, then the group account’s configuration is protected but the access restriction will not extend to the policies that belong to that group account. If the policies under the group account also require access protection, then those policies need to be explicitly assigned to the same data access group.
- Inference Prevention
-
When a user searches for group clients or group accounts, group clients or group accounts referencing data access groups that they are not allowed to see, will not be returned at all. For example, while accessing a group client, a restricted group account will not be returned if a user does not have access to it.
This also applies when searching for one of the related entities.
When a user searches for policies of data access groups that they are not allowed to see, they will not be returned at all.
- Related Entities
-
When access to a group client is restricted, the following details are restricted also:
-
Group Client Premium Schedule
-
Group Client Adjustment
-
Group Client Broker Agent
-
Group Client Collection Setting
-
Group Client Billing Account
-
Premium Bill Allocation
-
Group Client Event
-
Group Commission Rate
-
Group Client Event
-
Group Client Message
-
Group Client Note
-
When access to a group account is restricted, the following details are restricted also:
-
Bill Receiver
-
Group Account Add-on
-
Group Account Adjustment
-
Group Account Available Product
-
Group Account Available Product Add-on
-
Group Account Broker Agent
-
Group Account Collection Setting
-
Group Account Insurable Class
-
Group Account Premium Schedule
-
Group Account Product
-
Group Account Product Add-on Override
-
Group Account Product Adjustment
-
Group Account Product Adjustment Value
-
Group Account Product Premium Schedule
-
Group Account Time Period
-
Premium Bill Allocation
-
Parameter Domain
-
Parameter Domain Value
-
Note
When access to a policy is restricted, the following details are restricted also:
-
Policyholder
-
Policy Billing Account
-
Policy Contract Period
-
Policy Collection Setting
-
Policy Calculation Period
-
Policy Premium Bill Allocation
-
Policy Bill Receiver
-
Policy Broker Agent
-
Policy Message
-
Policy Pend Reason
-
Calculation Result and related Calculation Result Lines
-
Policy Mutation
-
Member Enrollment
-
Member Enrollment Product
-
Member Add-on
-
Parameter Value
-
Attached Policy Data
-
Note
- Example
-
User Bob is granted access restriction VIP_GROUP1. No access restrictions have been granted to user Pete. The following table shows for which data access groups they can access the policies.
Table 1. Example Data Access Group Restriction Policies for group accessible by Bob? Policies for group accessible by Pete? VIP_GROUP1
yes
no
empty
yes
yes
VIP_GROUP2
no
no
When searching with Generic API, Top level Resource access restriction is applied. For details refer to HTTP API Data Access Restriction Concepts |