Chunzhi_Hong Member since 2013 136 posts
PEGA
Posted: 4 years ago
Last activity: 4 years 4 months ago
Closed
Solved

7.2 How to restrict access to specific Data class

Requirement:

There is a data table that contains sensitive information, and access to the data table should be granted per access role.

At first glance, it looks simple enough to implement the requirement by creating an ARO which gives access (Read instance=5) to the specific data class and granting the ARO to the desired Access Groups.

However, it turns out that even users who belong to an Access Group that doesn't have the ARO can still open records of the data table.

It seems that the OOTB ARO defined on the "Data-" class plays a role here; below are my test results.

| Access Group | Granted AROs | Expected | Test Result |
| --- | --- | --- | --- |
| MyApp:Managers | "Data-" (Read instance=5) | Can open any records of any data class that inherits from "Data-" class. | As expected. |
| MyApp:Workers | "Data-" (Read instance=5); "Data-Sensitive" (Read instance=0) | Can open any records of any data class that inherits from "Data-" class, except "Data-Sensitive". | Can open any records of "Data-Sensitive" class. |
| MyApp:Visitors | "Data-" (Read instance=0) | Can NOT open any records of any data class that inherits from "Data-" class. | As expected. Can open any records of "Data-Sensitive" class. |

Message was edited by: Chunzhi Hong

Updated Test Result of "MyApp:Visitors"

Data Integration Security
Moderation Team has archived post