Segmentation
Segmentation is the capability to restrict information access to a limited set of users based on their location, business area, and function within an organization. Create and use segments to control access to the content that might be sensitive or requires to be granted limited access due to regulatory needs. Create segments based on your organization requirements such as geography, business area, business function, and legal entity.
In an organization, you can make information available to users for simplicity, security, or regulatory reasons. Some Axon objects are made available to everyone, while some objects are restricted based on the work profile or location of an individual user. For example, a bank in Singapore with offices in Malaysia wants a common platform for data governance, but the regulations might not allow the information from Singapore to be shared with the employees of Malaysia. Similarly, two business areas might want to maintain their own content without sharing it to others for security reasons.
You can restrict access to sensitive information based on rules and regulations. You can update access control capabilities to allow information access based on the role type, profile, and organization structure. You can restrict the data access for the some of the following reasons:
- •To prevent access to sensitive information.
- •To ensure compliance with country-specific regulations.
- •To provide a way of driving multitenancy.
The following image describes different segments and users that are part of the segments:
You can assign an object to the Enterprise segment or a specific restricted segment that you create. An Enterprise segment is a public segment that all users can access. In the example, you can see that the operating entities are defined as segments. Each segment has assigned users and contains Axon objects. Though the operating entity governance users belong to different segments, they can access the Enterprise segment.
You can create multiple segments as per your requirements. You can assign a user to a single or multiple segments. You can associate an object to a segment. The object and its related or dependent objects must be part of the same segment. Only the users with access to a segment can view the objects that belong to the segment.
A SuperAdmin user can create a segment and assign a Segment Admin user to the segment. You can assign only Admin users as a Segment Admin. Segment Admin users are responsible to manage access to segments. A segment can have one or more Segment Admin users.
A SuperAdmin or Segment Admin user can associate users to the segments in the following ways:
- •Assign individual users to a segment.
- •Assign an org unit to a segment. All members of the org unit can access the segment.
- •Assign users to a segment via Single Sign-on (SSO).
Segmentation Example
Consider a car manufacturing company that has several subsidiaries, such as Car ABC, Car PQR, and Car XYZ. Each unit manages their own finance data. To restrict information access, you can create a segment for each car subsidiary.
The following image shows an example of different segments for a car company:
All users of each segment can access the Enterprise segment. Assign Segment Admin users and other users for each segment.
The following image shows a segment that is associated to different users and objects:
In the example, a SuperAdmin user creates a segment for the subsidiary Car ABC and adds Segment Admin users. You can add an org unit and individual users to the segment. Create glossaries for the Car ABC subsidiary and add the glossaries to the Car ABC segment. When you access the ABC - Series A1 and ABC - Series A5 glossaries from the Unison search, you can see that the glossaries belong the Car ABC segment.