Data Access Group Access

This feature allows access to group client configuration, group account configuration and/or policies to be restricted.

Note that:

  • all three, group client, group acccount and policies can be assigned to a data access group

  • there is no inheritance; if a group client is assigned to a data access group, then the group’s configuration is protected but the access restriction will not extend to the group accounts that belong to that group client; if a group account is assigned to a data access group, then the group account’s configuration is protected but the access restriction will not extend to the policies that belong to that group account. If the policies under the group account also require access protection, then those policies need to be explicitly assigned to the same data access group.

    Inference Prevention

    When a user searches for group clients or group accounts, group clients or group accounts referencing data access groups that they are not allowed to see, will not be returned at all. For example, while accessing a group client, a restricted group account will not be returned if a user does not have access to it.

This also applies when searching for one of the related entities.

When a user searches for policies of data access groups that they are not allowed to see, they will not be returned at all.

Related Entities

When access to a group client is restricted, the following details are restricted also:

  • Group Client Premium Schedule

  • Group Client Adjustment

  • Group Client Broker Agent

  • Group Client Collection Setting

  • Group Client Billing Account

  • Premium Bill Allocation

  • Group Client Event

  • Group Commission Rate

  • Group Client Event

  • Group Client Message

  • Group Client Note

When access to a group account is restricted, the following details are restricted also:

  • Bill Receiver

  • Group Account Add-on

  • Group Account Adjustment

  • Group Account Available Product

  • Group Account Available Product Add-on

  • Group Account Broker Agent

  • Group Account Collection Setting

  • Group Account Insurable Class

  • Group Account Premium Schedule

  • Group Account Product

  • Group Account Product Add-on Override

  • Group Account Product Adjustment

  • Group Account Product Adjustment Value

  • Group Account Product Premium Schedule

  • Group Account Time Period

  • Premium Bill Allocation

  • Parameter Domain

  • Parameter Domain Value

  • Note

When access to a policy is restricted, the following details are restricted also:

  • Policyholder

  • Policy Billing Account

  • Policy Contract Period

  • Policy Collection Setting

  • Policy Calculation Period

  • Policy Premium Bill Allocation

  • Policy Bill Receiver

  • Policy Broker Agent

  • Policy Message

  • Policy Pend Reason

  • Calculation Result and related Calculation Result Lines

  • Policy Mutation

  • Member Enrollment

  • Member Enrollment Product

  • Member Add-on

  • Parameter Value

  • Attached Policy Data

  • Note

    Example

    User Bob is granted access restriction VIP_GROUP1. No access restrictions have been granted to user Pete. The following table shows for which data access groups they can access the policies.

    Table 1. Example
    Data Access Group Restriction Policies for group accessible by Bob? Policies for group accessible by Pete?

    VIP_GROUP1

    yes

    no

    empty

    yes

    yes

    VIP_GROUP2

    no

    no
When searching with Generic API, Top level Resource access restriction is applied. For details refer to HTTP API Data Access Restriction Concepts