2 Replies Latest reply on Aug 23, 2013 8:56 AM by Carl.Simpson

    Data Partitioning Question

    Expert

      Up until now we never used data partitioning because we thought we didn't need it.  However, while researching for a project, I noticed that it can be turned on so end users can't see incidents of other end users.  We have an occasional incident with sensitive info in it so it makes sense to turn it on.  With Webaccess, it's pretty easy to look at random incidents, start with your incident number, subtract 1 and put that number in the search field.  Your now looking at someone else's incident that may have a picture ID for a password.  So this is more of a heads up for everyone.  Should you be partitioning your data?

       

      So on to my question.  I will be creating incidents from an e-mail source with new account information.  I can flag these as special and then I can set a group up so that only those people can see the incident through data partitioning.  However, it seems that an analyst only has to change their group to the group that can see the data and then their all available.  I must be missing something because this seems way to easy to bypass the data partitioning.  If it is only meant to stop end users then I can see how that works.  But in my case I don't want everyone having access to SSN and DOB info.  How does everyone get around this?

        • 1. Re: Data Partitioning Question
          Stu McNeill Employee

          Hi Carl,

           

          Data partitioning is not normally required to block end users seeing each others incidents.  The search box in Web Desk can search them by number but the search box in Self Service (the only interface end users can access) will ONLY search your knowledge base.

           

          Partitioning is normally based on groups so you are absolutely correct that switching to that group gives you access.  A common scenario for analyst partitioning is that your analysts are only in the groups they require.

           

          Another option you might want to look at is attribute privileges.  You can enable any attribute on any object to be "privilege-able" via its properties in Object Designer and you can then limit which roles/groups can see and update the value.  This is particularly useful for sensitive data on attributes on common objects.

           

          I hope that helps.

          • 2. Re: Data Partitioning Question
            Expert

            That is a great description on the use of data partitioning.  Thanks.  Looks like I need to look at a new path for my project.