Data markings allow you to mark resources, categories, users, and user groups with custom-defined access levels. These levels work hierarchically; i.e., the data marking with the highest level access includes all lower access levels, mid-level data marking includes the lowest levels, and so on. You can employ data markings when listing or accessing resources on the server as an additional security layer together with the Role-Based Access Control (RBAC) mechanism.
The video below explains how the Data markings feature works:
In order to use data markings, you need sufficient permissions, either the Mark Data permission assigned to the Data Markings Manager role or the Configure Data Markings permission assigned to the Security Manager role. |
To use data markings, you must enable them in the Settings app, where you can also create, reorder, edit, and remove data markings.
To enable data markings
Once you enable data markings, you see the data markings configuration page:
Once you enable data markings in the Data markings configuration page, no data markings are shown yet. To use data markings, you have to create them.
To create data markings
Because data markings work hierarchically, their order in the table is important. Thus, the data marking at the very top of the table will have the broadest access rights and will include all of the levels below it. To change the priority of the data markings, reorder them in the table.
To reorder data markings
To edit data markings
To remove data markings