Data segmentation restricts the search data returned for a given user based on authentication group using Tealeaf events that you create.
Events that are configured for data segmentation are used to filter live sessions so that active sessions appearing in the Portal are visible only to users who have access to them. In addition, you can specify which events are visible to members of specified groups; users cannot see sessions from other groups, and active events appearing in the Portal pertaining to the other groups' sessions are hidden, too.
For every submitted search, the term is ANDed with a restricting term defined for the user's authentication group. The second search term that is appended to the user's search term is an event configured to fire on a specific type of session.
Prerequisites
Before you begin configuring event-based data segmentation, please verify that the following conditions are met:
- Users must be added to the appropriate groups.
- You must have Portal or NT authentication enabled on every machine where Search Server is running.
- You must have an admin user group assigned in order to configure authentication.
- You must point each server to the authentication master server to populate the same groups to each server in the environment. Having different groups on different servers causes varying results.
- You must have the Portal also configured for NT authentication.
- Proper data segmentation depends on a correctly configured event.
- You must set the value of Canister Server to the appropriate value, if you have all of the following conditions in your Tealeaf environment:
- Data segmentation with Portal or NT authentication
- The Portal Server is the authentication master
Data segmentation example 1
For example, suppose your enterprise supports two web sites, www.example1.com
and www.example2.com
. There are separate customer service groups to monitor each website, and neither group is supposed to see the session data from the other site.
To enable data segmentation, two separate events must be defined. One event fires when the request or response pertains to www.example1.com
, while the other responds to www.example2.com
data. The first event is assigned unique identifier 17
, and the second received unique ID 18
.
To enable data segmentation of these two websites:
- Through Search Server configuration, authentication is enabled.
- Two user groups are created:
Example1group
andExample2group
. - The appropriate users are added to each group.
- Through the Search Server configuration:
Example1group
is configured to use the following filter string:(canisterappevent/uniqueid contains 17)
Example2group
is configured to use the following filter string:(canisterappevent/uniqueid contains 18)
- When members of the
Example1group
do searches, they cannot see sessions fromwww.example2.com
sessions. WhenExample2group
members execute searches, they cannotwww.example1.com
sessions.
Each group added in Search Config can have multiple events associated with it. These events can be combined using the Boolean operators AND or OR.
- For users belonging to multiple groups, individual filters are OR'ed together before being joined with the requested search. For the above example, for each search term executed by a member of both groups, the following filter is applied to the term:
((canisterappevent/uniqueid contains 18) or (canisterappevent/uniqueid contains 17))
Data segmentation example 2
As another example, suppose you configured the following three groups with events in Search Config:
- Group
- Events
TeaLeaf\users
event 1
TeaLeaf\eng
(Items AND'ed together)-
event 2 event 3
TeaLeaf\qa
(Items OR'ed together)-
event 4 event 5 event 6
- A user who is a member of
TeaLeaf\users
searching for the wordsession
generates the search query:(canisterAppEvent contains 1) and (session)
- A user who is a member of
TeaLeaf\eng
searching for the wordsession
generates the search query:(canisterAppEvent contains (2 and 3)) and (session)
- A user who is a member of both
TeaLeaf\eng
andTeaLeaf\qa
searching for the wordsession
generates the search query:(canisterAppEvent contains (2 and 3) or (4 or 5 or 6)) and (session)