Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Currently, data access across domains affects only query data. Users in a root domain will be able to see events from data tables in all their child domains. The rest of the resources and assets are still domain-independent.

  • When a user in a root domain accesses the Data search area, they will see not only their own tables in the finder but all the tables with data in all their child domains.

Note that the table demo.ecommerce.data won’t show any data in root domains. It won't appear in your finder and you will get an error if you try to query it using a free text query.

  • If a user in the root domain accesses a data table that contains events from different domains, they will see the owner of each specific event in the client column. This column will be added to all the tables in a root domain and is always located next to the eventdate column.

It is important to mention that all the roles in the root domain will have access to the same data according to the rules set. If you need to limit access for specific roles in the domain, you can use custom finders and custom tables.

Also, note that a root domain will always have access to the following information by default:

  • All the Devo activity of the child domains in the siem.logtrust.web.activity table. Find more info about this table in this article.

  • All the ingestion metrics of the child domains in the siem.logtrust.collector.counter table.

  • All the alerts triggered in the child domains in the siem.logtrust.alert.info table. Find more info about this table in this article.

  • Access to all the data in the child domains using the global search.

  • Note that root domains will not see any data from their child domains in the widgets of the Devo Home area.

  • Also, root domains won’t have access to my.* tables owned by their child domains (such as my.app.* or my.synthesis.* ). If you need to see data from a my.app.* table owned by one of your child domains, you can access the my.app table and define a custom table that contains only the data from that child (the my.app table contains the data from all the my.app.* tables created by all the domains in the multitentant structure)

  • No labels