Report assessment and domain separation

Zurich Platform Analytics

Release

zurich

ft:locale

en-US

ft:publication_title

Zurich Platform Analytics

ft:clusterId

par

bundleId

par

workflow

Platform

Report assessment and domain separation

Release version: Zurich

Updated July 31, 2025

1 minute to read

In domain separated instances, the ACL Assessment for Reports has certain limitations.

Domain separation property

Configure the true/false property sn_report_acl.run_scan_with_queryNoDomain to specify whether the assessment applies to the whole instance or to an individual domain.

This property is only valid on domain-separated instances. It defines whether the app considers the user domain when you run the query. If false, security_admins gets results only for the domains they have visibility to.

A global security_admin can set the property to true and view the results for all the domains on the instance. The individual security_admins can then retrieve the collected results for their own domains. For more information, see Filter report assessment scans.

The assessment runs as a normal query when this property is set to true on a single domain instance. The application treats the assessment as if the property is false if the property is deleted.

Note:

When you run the assessment as a global security_admin, be sure to set the property back to false. If true, any security_admin can query the entire instance. Other security_admins don't see data that they don't have the right to view, but collected data is overwritten.