About Divisions
Divisions provide a comprehensive security mechanism that ensures data integrity and access control across the RCX system. Divisions serve as logical boundaries for data segregation within RCX. They enable organizations to segregate data by business units, regions, or other organizational structures while maintaining referential integrity.
Divisions work in conjunction with role-based access control (RBAC) to provide granular, record-level security.
Key capabilities include:
- Data Isolation: Segregate data by divisions while maintaining referential integrity
- Division-based Access Control: Users can access and change only data within their assigned divisions
- Hierarchical Division Structure: Support parent-child relationships between divisions for organizational alignment
- Enhanced RBAC + ABAC Enforcement: Combines role-based permissions with division-level attribute controls
- Division Deactivation Constraints: Prevents removal of divisions when child data exists across the hierarchy
- Automatic Division Assignment: When division checking is enabled, the user's division is automatically assigned to entities they create or edit
How Divisions Work
Before implementing divisions in your organization, it's important to understand the core mechanics of how divisions control access and interact with your data. This section explains the fundamental concepts that govern division behavior in RCX.
The Division Assignment Model
Both users and entities (rules, folders, programs, and so on) can be assigned to one or more divisions. Access is granted when the two assignments overlap: if a user belongs to a division that is also assigned to an entity, they can access that entity (subject to their role's permissions).
Division Isolation and Changes
Division isolation ensures that changes made by users in one division don't affect rules owned by other divisions. This creates clear boundaries between different parts of your organization while allowing controlled sharing when needed.
Automatic Assignment
When division checking is enabled, the user's division is automatically assigned to entities they create or edit, ensuring that new content is properly secured from the moment of creation.
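The overlap rule, division isolation and automatic assignment described above can be modelled in a few functions. This is an added example, not RCX code: the role table, the class and function names, the fail-closed handling of entities without divisions, and the behaviour when division checking is off are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical role table: RCX's real role and permission names are not on this page.
ROLE_PERMISSIONS = {"editor": {"read", "write"}, "viewer": {"read"}}

class AccessDenied(PermissionError):
    pass

@dataclass(frozen=True)
class User:
    name: str
    role: str
    divisions: frozenset

@dataclass
class Entity:
    name: str
    divisions: set = field(default_factory=set)

def can_access(user, entity, action, division_checking=True):
    """Role check (RBAC) first, then the division overlap test (ABAC)."""
    if action not in ROLE_PERMISSIONS.get(user.role, set()):
        return False                      # the role never grants this action
    if not division_checking:
        return True                       # assumption: only the role applies when checking is off
    # Assumption: fail closed, so an entity with no divisions is reachable by nobody.
    return bool(user.divisions & entity.divisions)

def create(user, name, division_checking=True):
    """Create an entity; it receives the creator's divisions at creation time."""
    if "write" not in ROLE_PERMISSIONS.get(user.role, set()):
        raise AccessDenied(f"{user.name} may not create entities")
    entity = Entity(name)
    if division_checking:
        entity.divisions |= user.divisions   # automatic assignment
    return entity

def edit(user, entity, division_checking=True):
    """Edit an entity; isolation blocks users with no division in common."""
    if not can_access(user, entity, "write", division_checking):
        raise AccessDenied(f"{user.name} may not edit {entity.name}")
    if division_checking:
        # Assumption: every division the editor holds is added on edit.
        entity.divisions |= user.divisions
    return entity
```

In this model, an edit by a user who holds several divisions widens the entity's division set, so members of those other divisions gain access afterwards.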
See also: