This is an overview of domain separation and Data Certification processing. With
domain separation you can separate data, processes, and administrative tasks into logical
groupings called domains. You can then control several aspects of this separation, including
which users can see and access data.
Support level: Basic
- Business logic: Ensure that data goes into the proper domain for the application’s
service provider use cases.
- The application supports domain separation at run time. This includes domain
separation from the user interface, cache keys, reporting, rollups, and aggregations.
- The owner of the instance must set up the application to function across multiple
tenants.
Use case: When a service provider (SP) uses chat to respond to a tenant-customer’s
message, the client must be able to see the SP's response.
How domain separation works in Data Certification
- Data Certification has only basic domain separation. As long as the Certification Instances
(CIs) or records that must be certified are correctly domain-separated and the user who must
certify the CIs or records are in a domain that can view the data, Data Certification will
work as expected.
- It's best that the instance owner must be responsible for assigning Certification Tasks and
Certification Instances to the correct domain. Changing the domain for these records does not
change functionality, but limits the view of the records.
How to set up domain separation for Data Certification
After enabling the Domain Separation plugin, there are no additional steps required to set up
domain separation for Data Certification.
- instance owners determine which CIs or records that need to be certified can be
domain-separated.
- Customers can configure a domain-separated environment by assigning tasks to a domain, but
if the data is already domain separated, then only users with the right domain permissions can
view the data in a certification task.
How tenant domains manage their own application data
Setting the domain on the certification tables is not necessary, but can be done if the
instance owner wants . As long as the CI’s or records that must be certified are domain
separated, users with the correct domain permissions can view them.
Domain separated tables
- cert_instance – Changing the domain on this table does not change any functionality, or
change the domains of the tasks created from it.
- cert_task – Changing the domain on this table changes the domain viewing permissions of the
task.
- cert_element – It is not recommended to change the domain on these records. As long as the
CIs or records to be certified are already domain-separated, cert_element records will reflect
that.
- cert_filter – Changing the domain on this table changes the domain viewing and filtering of
CIs or records.
Use cases
Instance owners who have multiple clients that mustto certify the infrastructure they own can
assign domains to those CIs and the Certification Tasks to restrict the view from one client to
another.
