Segmentation
Segmentation is the capability to restrict information access to a limited set of users based on their location, business area, and function within an organization. Create and use segments to control access to the content that might be sensitive or requires to be granted limited access due to regulatory needs. Create segments based on your organization requirements such as geography, business area, business function, and legal entity.
In an organization, you can make information available to users for simplicity, security, or regulatory reasons. Some Axon objects are made available to everyone, while some objects are restricted based on the work profile or location of an individual user. For example, a bank in Singapore with offices in Malaysia wants a common platform for data governance, but the regulations might not allow the information from Singapore to be shared with the employees of Malaysia. Similarly, two business areas might want to maintain their own content without sharing it to others for security reasons.
You can restrict access to sensitive information based on rules and regulations. You can update access control capabilities to allow information access based on the role type, profile, and organization structure. You can restrict the data access for the some of the following reasons:
- •To prevent access to sensitive information.
- •To ensure compliance with country-specific regulations.
- •To provide a way of driving multitenancy.
The following image describes different segments and users that are part of the segments:
You can assign an object to the Enterprise segment or a specific restricted segment that you create. An Enterprise segment is a public segment that all users can access. In the example, you can see that the operating entities are defined as segments. Each segment has assigned users and contains Axon objects. Though the operating entity governance users belong to different segments, they can access the Enterprise segment.
You can create multiple segments as per your requirements. You can assign a user to a single or multiple segments. You can associate an object to a segment. The object and its related or dependent objects must be part of the same segment. Only the users with access to a segment can view the objects that belong to the segment.
A SuperAdmin user can create a segment and assign a Segment Admin user to the segment. You can assign only Admin users as a Segment Admin. Segment Admin users are responsible to manage access to segments. A segment can have one or more Segment Admin users.
A SuperAdmin or Segment Admin user can associate users to the segments in the following ways:
- •Assign individual users to a segment.
- •Assign an org unit to a segment. All members of the org unit can access the segment.
Segmentation Example
Consider a car manufacturing company that has several subsidiaries, such as Car ABC, Car PQR, and Car XYZ. Each unit manages their own finance data. To restrict information access, you can create a segment for each car subsidiary.
The following image shows an example of different segments for a car company:
All users of each segment can access the Enterprise segment. Assign Segment Admin users and other users for each segment.
The following image shows a segment that is associated to different users and objects:
In the example, a SuperAdmin user creates a segment for the subsidiary Car ABC and adds Segment Admin users. You can add an org unit and individual users to the segment. Create glossaries for the Car ABC subsidiary and add the glossaries to the Car ABC segment. When you access the ABC - Series A1 and ABC - Series A5 glossaries from the Unison search, you can see that the glossaries belong the Car ABC segment.
Create a Segment
Create and manage segments from the Admin Panel. A SuperAdmin user assigns Segment Admin users to a segment.
1. From the Axon toolbar, click your user name and click Admin Panel.
2. From the navigation pane, click Meta-Model Administration > Segments.
You can view a list of existing segments.
3. To create a segment, click Create.
The Summary tab appears by default.
4. In the Definition section, enter a name and description for the segment.
5. In the Segment Admin Users section, click Add to assign a Segment Admin user to the segment.
You must assign at least one Segment Admin user to a segment. You can assign multiple Segment Admin users to a segment. You can assign a user only with an Admin profile as a Segment Admin user.
6. Click Save and Close.
You can view the segment that you created.
Assign Users to a Segment
SuperAdmin or Segment Admin users can assign users and org units to a segment.
1. From the Axon toolbar, click your user name and click Admin Panel.
2. From the navigation pane, click Meta-Model Administration > Segments.
You can view a list of existing segments.
3. Click a segment in which you want to add users.
The Summary tab appears by default.
4. Click the Assigned Users tab.
5. In the By Org Units section, click Add to add org units to the segment.
The Select Org Units dialog box appears.
6. Select an org unit from the list, and click Select.
All the users in the selected org unit can access the segment.
7. In the By Users section, click Add to add individual users to the segment.
The Select Users dialog box appears.
8. Select individual users from the list, and click Select.
9. Click Save and Close.
You can have assigned users and org units to the segment.
Delete a Segment
When you delete a segment, you need to move all the objects from the segment to the Enterprise segment or another segment. You need to be a SuperAdmin user to delete a segment.
1. From the Axon toolbar, click your user name and click Admin Panel.
2. From the navigation pane, click Meta-Model Administration > Segments.
You can view a list of existing segments.
3. Click the segment that you want to delete.
4. Click Delete.
The Delete Segment dialog box appears.
5. Choose one of the following options:
- - Move all objects from this segment to the default Enterprise segment that all users can access.
- - Move all objects from this segment to another segment. Select a target segment in which you want to move the objects. Ensure that stakeholders of all the objects from the segment that you want to delete have access to the target segment.
6. Click OK.
The segment is deleted after the objects are moved to an existing target segment.
Configure Default Segments
You can configure a default segment for a user who logs in to Axon.
1. From the Axon toolbar, click your user name and click Admin Panel.
2. From the navigation pane, click Customize & Configure > System Settings.
3. In the Group list, select Default Segment.
4. Click Edit.
5. Choose the following options:
Option | Description |
|---|
Enterprise Segment | Enable to set Enterprise Segment as the default segment for a user to view Axon content. |
Assigned Segments | Enable to set Assigned Segments as the default segment for a user to view Axon content. |
Note: If you choose either the Enterprise or assigned segment as the default segment for a user, the segments list on the Unison search page shows the default segment when the user logs in to Axon for the first time. If the user updates the segments selection list, the default segment that you configured does not persist when the user logs in again.
6. Click Save.
7. In the Linux environment, run the following command to clear the Axon cache and restart the necessary services:
sh <INSTALLATION_DIR>/axonhome/third-party-app/scripts/paramsync
When you run the paramsync script, Axon restarts the HTTPD, Memcached, and email notification services.
Note: When you clear the cache and restart the Axon services, the Axon web interface might be disrupted for some users that are logged into Axon. Informatica recommends that you update the cache after you save your changes in all the System Settings pages. Additionally, perform this action during a maintenance period when very few users use Axon.
Disable or Re-enable Segmentation
After you install or upgrade Axon, segmentation is automatically enabled, and you can restrict Axon objects by various segments. To make all Axon objects available to all Axon users, disable segmentation.
You must have the Super Admin profile to perform this task.
If you want to disable segmentation after the segments are created, delete all segments, and then disable segmentation.
1. To disable segmentation, go to the <INSTALLATION_DIR>/bin directory in the Linux environment, and run the following command:
disable_authorization.sh
2. To enable segmentation again, go to the <INSTALLATION_DIR>/bin directory in the Linux environment, and run the following command:
enable_authorization.sh
