Skip to main content

Create Data Filter Policies

Create Data Filter Policies to limit which objects of a specific type users can view in EmpowerID. Data Filter Policies use SQL SELECT statements written against the Identity Warehouse to define which subset of objects is visible to users with the policy.

Prerequisites

Before creating Data Filter Policies, ensure you have:

  • Access to create and manage Visibility Filter policies in EmpowerID

Procedure

  1. In the EmpowerID web application, navigate to Role Management > Visibility Restriction Policies.

  2. Select the Actions tab.

  3. Click Create Data Visibility Filter. Create Data Visibility Filter Button
    The Filter Details form displays. Data Filter Policy Filter Details

  4. From the Assign Policy To dropdown, select the Actor type that will receive the policy:

    • Person — Applies the policy to a specific person
    • Group — Applies the policy to all members of a specific group
    • Business Role and Location — Applies the policy to all people in a specific BRL combination
    • Management Role — Applies the policy to all members of a specific Management Role
    • Management Role Definition — Applies the policy to all child Management Roles of a definition
    • Query-Based Collection (SetGroup) — Applies the policy to all members of a specific collection

  5. In the assignee field that appears (labeled based on your Actor type selection), specify the actor to receive the policy:

    • For most Actor types: Search for and select the specific actor
    • For Business Role and Location: Click Select a Role and Location, search or browse for the desired Business Role and Location, then click Select Select Business Role and Location

  6. In the Name field, enter the internal name for the policy.

  7. In the Description field, enter a description of what the policy filters.

  8. In the Priority (Lower is Higher Priority) field, enter a numeric value from 1 to 100.

    Lower numbers indicate higher priority when a user has multiple policies (priority 1 overrides priority 50).

  9. Leave the Mode field set to Default.

  10. In the Object Type (Component) To Filter field, search for and select the EmpowerID component you want to filter (e.g., Person, Account, Group).

  11. Leave the Pre-Query field blank.

  12. In the Select Clause field, enter the SQL SELECT statement that defines which objects users can view.

    For example, to allow users to see only people with a specific job title (if the Title field is used in your environment):

       SELECT PersonID FROM dbo.Person (NOLOCK) WHERE Title = 'Contractor'

  13. Ensure the Enabled checkbox is selected to activate the policy.

  14. Click Save.

Verify the Results

After creating the Data Filter Policy:

  1. Log out of the EmpowerID web application.

  2. Log in as a user who should have the policy applied (e.g., a member of the group or Management Role to which you assigned the policy).

  3. Navigate to a page where the filtered resource type is displayed.

    For example, if you created a Data Filter for Person objects, navigate to the White Pages or People search.

  4. Search for or view all objects of the filtered type.

  5. Verify that only the objects permitted by your SQL filter appear in the results.

    For example, if your filter limits visibility to people with Title = 'Contractor', verify that only people with the Contractor title appear.

  6. Attempt to search for a specific object that should be filtered out (e.g., search for a person who is not a Contractor).

  7. Verify that the filtered-out object does not appear in search results or is not accessible.

  8. (Optional) Log in as a user without the policy and verify they can see the full set of objects.