Create record level restrictions

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read

    • Set record level restrictions in DLP incidents to protect sensitive records from being exposed. You can use record level restrictions to control the users or groups who can access specific records in the DLP incidents.

    Before you begin

    Role required:
    • sn_dlir.admin - Create, edit, and delete.
    • sn_dlir.analyst and sn_dlir.analyst_read - View (read-only).

    About this task

    Record level restrictions enable you to provide access to records only for specific users or groups, providing a more granular way to control the records a user can access. You can create a record level restriction by defining the DLP incident matching conditions, selecting the users or groups to which these conditions apply, and then choosing the DLP records that these users or groups can view.

    Procedure

    1. Navigate to All > DLP Administration > Incident Access Restrictions > Record level restrictions.
    2. Click New.
    3. On the form, fill in the fields.
      Table 1. DLP Record Level Restriction form
      Field Description
      Name Name of the record level restriction.
      Short description Unique description for this record level restriction.
      Execution order Priority of the record level restrictions. This field indicates the order in which the record level restrictions are executed when two or more record level restrictions share the triggering conditions.

      The record level restriction with the lowest number has the highest priority.

      To set the order of operation, enter a value. For example, 100, 200, or any other number. The default value is 100.
      Allow access to incidents matching the condition Options enable access to the incidents that matches the defined conditions. You can select any of the incident fields for defining the trigger condition for the record level restrictions.
      Use the lists and fields of the conditions builder to set the filters for the first row. To add more conditions, click AND or OR:
      • If AND is selected, all conditions must be matched.
      • If OR is selected, either condition can be matched.

      To set a second filter condition, click New Criteria.

      Note:
      The conditions in the condition builder are case sensitive.

      For example, you can select the field as Activeand set the condition as is, and true.
      Applies to Option to apply record level restrictions to specific users or groups. You can apply the conditions as follows:
      • Users: Click the Lock icon icon to add a particular user from the list to whom the selected record is applicable. You can also add a user by using their email address or search option. For example, Legal Manager.

        To add yourself as the user to whom the record is applicable, click the Add me icon. For example, System Administrator.

      • Groups: Click the Lock icon icon to add a particular group from the list to whom the selected record is applicable. You can also add a group by using the search option. For example, Survey creators.
      Figure 1. DLP Record Level Restriction
      Set up record level restrictions for your DLP incidents
    4. Click Submit.