Segmentation

In an organization, you can make information available to users for simplicity, security, or regulatory reasons. Some Axon objects are made available to everyone, while some objects are restricted based on the work profile or location of an individual user. For example, a bank in Singapore with offices in Malaysia wants a common platform for data governance, but the regulations might not allow the information from Singapore to be shared with the employees of Malaysia. Similarly, two business areas might want to maintain their own content without sharing it to others for security reasons.

You can restrict access to sensitive information based on rules and regulations. You can update access control capabilities to allow information access based on the role type, profile, and organization structure. You can restrict the data access for the some of the following reasons:

The following image describes different segments and users that are part of the segments:

You can assign an object to the Enterprise segment or a specific restricted segment that you create. An Enterprise segment is a public segment that all users can access. In the example, you can see that the operating entities are defined as segments. Each segment has assigned users and contains Axon objects. Though the operating entity governance users belong to different segments, they can access the Enterprise segment.

You can create multiple segments as per your requirements. You can assign a user to a single segment or multiple segments. You can associate an object to a segment. An object and its parent object must belong to the same segment. Only the users with access to a segment can view the objects that belong to the segment.

If an object belongs to a private segment, the related objects can be part of the same private segment or Enterprise segment. For example, if a Process object belongs to a private segment and a Policy object belongs to Enterprise segment, you can create Policy X Process relationships.

If an object belongs to one private segment, the related objects cannot be part of another private segment. For example, if two Process objects belong to separate private segments, you cannot create the Process X Process relationships.

For a parent-child relationship, the entire hierarchy must be part of the same segment. For example, glossary G1 has parent glossary G2, and glossary G2 has parent glossary G3. If glossary G3 belongs to segment HR, the entire hierarchy of glossaries G3 > G2 > G1 must belong to the same segment HR.

If a system belongs to a Private segment, the data set within the system must belong to the same private segment. If a system belongs to the Enterprise segment, the data set within in the system can belong to the Enterprise segment or any private segment.

A SuperAdmin user can create a segment and assign a Segment Admin user to the segment. You can assign only Admin users as a Segment Admin. Segment Admin users are responsible to manage access to segments. A segment can have one or more Segment Admin users.

A SuperAdmin or Segment Admin user can associate users to the segments in the following ways:

Consider a car manufacturing company that has several subsidiaries, such as Car ABC, Car PQR, and Car XYZ. Each unit manages their own finance data. To restrict information access, you can create a segment for each car subsidiary.

The following image shows an example of different segments for a car company:

All users of each segment can access the Enterprise segment. Assign Segment Admin users and other users for each segment.

The following image shows a segment that is associated to different users and objects:

In the example, a SuperAdmin user creates a segment for the subsidiary Car ABC and adds Segment Admin users. You can add an org unit and individual users to the segment. Create glossaries for the Car ABC subsidiary and add the glossaries to the Car ABC segment. When you access the ABC - Series A1 and ABC - Series A5 glossaries from the Unison search, you can see that the glossaries belong the Car ABC segment.