IBM CMOD Query Restrictions
There may be situations in which you may want to restrict the range of documents that end users may have access to, without creating an loading that data into a separate Application Group and Folder.
How Query Restrictions Work
Query restrictions are created inside Group definitions. They take the form of a fragment of an SQL statement that limits the results returned. They're added to the SQL command built by Content Manager OnDemand, before it is sent to the database to be executed.
Let's say that you're a bank, and you want to prevent cashiers from seeing data from customers from outside the branch. You could add a new Group called "Branch 1234" and create a query restriction like this:
BRANCH_NO = 1234
And then add the users from that branch to that group. When members of that group ('branch') perform searches in OnDemand, the "BRANCH_NO = 1234" term is added to the SQL statement without the end user seeing it, restricting the search results.
In another case, you may want a regional manager at the bank to be able to have access to all customer data for bank branches in their region. Another new group might be called "Eastern Branches" with the following SQL fragment:
BRANCH_NO IN (1234, 1235, 1236, 1237, 1238, 1239)
This provides the regional manager access to reports from 6 different branches, without needing to define a 'region' field in the Application Group.
Obviously, there is a performance implication, as you are making the SQL statement more complex. You can help reduce the impact of Query Restrictions on search performance by indexing that field in the Application Group -> Field Information tab.