Defining Location Security

User access to locations is determined by location security. You define the user groups to create for each location.

Location security (user access to locations) for Data Management is configured and enforced by options on the Location Security Settings tab. You define the user groups to create for each location. When a location is created or updated, you can create as many groups as are defined in the system settings for the location. Additionally, the Maintain User Groups option enables you to create user groups in bulk for all existing locations.

Several dependent processes must occur before Location Security is fully implemented:

  1. When a Location is created, User Groups are created automatically in Application Management.

    The user group contains the name of the location and additional prefix and suffix information based on the user preference. In addition, roles are provisioned for User Groups.

  2. The administrator provisions the users to the User Groups.

  3. When the user logs in, Data Management determines the groups assigned to the user.

    Based on the name of the group, Data Management determines the accessible locations.

  4. The POV region filters the locations based on the user access.

Note:

Location security is still maintained and enforced when web services and batch scripts are used.

To display the Location Security tab:

  1. On the Setup tab, under Configure, select Security Settings.

  2. Select the Location Security tab.

To add a user group for location security:

  1. On the Setup tab, under Configure, select Security Settings.

  2. Select the Location Security tab.

  3. In the Location summary grid, click Add.

    A LOCATION name row is added. When the group is saved, the Group name is in the form of Prefix_Location_Suffix, for example, FDMEE_LOCATION_DATA.

    The prefix and suffix help identify groups in Common Shared Services (CSS).

  4. In the Security Setting Details grid, enter a description of the user group in the Description field.

    For example, enter: Group for Creating and Running Integration.

  5. In the Prefix field, enter FDMEE.

    When the group is saved, the prefix is prepended to the group name.

    Note:

    Underscore is not supported in the prefix or suffix for group names.

  6. In the Suffix field, select the name of the function or rule that the user is provisioned to access.

    Note:

    Underscore is not supported in the prefix or suffix for group names.

    For example, specify:

    • Run Integration role

    • Create Integration role

    When the group is saved, the suffix is appended to the group name.

  7. Select the list of roles provisioned for the user group by selecting the appropriate roles:

    • Create Integration

    • Run Integration

    By default, only Service Administrators and Power Users can access Data Management to work on the data integration process.

    To enable users with the User or Viewer identity domain role to participate in the integration process, Service Administrators and Power Users can grant the following Data Management roles to them.

    • Create Integration—Uses Data Management to create mappings to integrate data between source and target systems. Users can define data rules with various run time options.

    • Run Integration From Data Management—Executes data rules with runtime parameters and views execution logs.

    For information on available roles, see Role Level Security.

  8. Click Save.

  9. To create user groups in bulk for the location, click Maintain User Groups.
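
The following added example (not Oracle code and not Data Management's own logic) shows how an administrator could audit group membership against the Prefix_Location_Suffix convention: it builds group names, parses them back, and derives the locations and roles a user's groups imply, flagging groups that follow the convention but name no known location. The function names, the `RULES` and `LOCATIONS` sample data, the `RUN` suffix and the assumption that a location name may itself contain an underscore are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample configuration (not taken from a real environment).
# (prefix, suffix) -> roles provisioned for groups built from that pair.
RULES = {
    ("FDMEE", "DATA"): {"Create Integration", "Run Integration"},
    ("FDMEE", "RUN"): {"Run Integration"},
}
LOCATIONS = {"LOCATION", "EMEA_SALES"}  # assumption: a location name may contain "_"


def build_group_name(prefix, location, suffix):
    """Compose Prefix_Location_Suffix, rejecting "_" in prefix or suffix."""
    for label, value in (("prefix", prefix), ("suffix", suffix)):
        if not value or "_" in value:
            raise ValueError(f"{label} must be non-empty and contain no underscore")
    return f"{prefix}_{location}_{suffix}"


def parse_group_name(name):
    """Split on the first and last "_"; unambiguous when neither prefix
    nor suffix contains one. Returns None if the shape is wrong."""
    first, last = name.find("_"), name.rfind("_")
    if first == -1 or first == last:
        return None
    prefix, location, suffix = name[:first], name[first + 1:last], name[last + 1:]
    return (prefix, location, suffix) if prefix and location and suffix else None


def resolve_access(user_groups, rules=RULES, locations=LOCATIONS):
    """Return ({location: roles}, [groups needing review])."""
    access, review = defaultdict(set), []
    for group in user_groups:
        parsed = parse_group_name(group)
        if parsed is None or parsed[::2] not in rules:
            continue  # not a location-security group
        prefix, location, suffix = parsed
        if location not in locations:
            review.append(group)  # follows the convention but names no known location
            continue
        access[location] |= rules[(prefix, suffix)]
    return dict(access), review


if __name__ == "__main__":
    groups = ["FDMEE_LOCATION_DATA", "FDMEE_EMEA_SALES_RUN", "HR_ADMINS", "FDMEE_RETIRED_DATA"]
    print(resolve_access(groups))
```

Groups returned in the review list are candidates for cleanup, since they still carry provisioned roles for a location that is no longer defined.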

To disable security by location:

  1. On the Setup tab, under Configure, select Security Settings.

  2. Select the Location Security tab.

  3. Click Disable Security by location.

    When security by location is disabled, this message is displayed: Security by Location is disabled. Would you like to enable the feature?

  4. Click Save.