Chhatrapal Member since 2012 14 posts
Roche Poland
Posted: April 27, 2020
Last activity: May 18, 2020

ABAC READ Policy

Hello,

I am working on Pega version 8.3.2. I am facing a very strange issue with an Attribute-based control policy rule (ABAC).

I have one parent FW Data config concrete class, Org-FW-App-Data-Config, where I have defined the InstanceID property. Under this config class I have around 25+ child classes, for example: Org-FW-App-Data-Config-A, Org-FW-App-Data-Config-B and so on. All data types are delegated to country-specific support users.

The InstanceID property (defined in the parent config data class) is used by the child classes to define their country-specific data, and each country can see the data specific to that country. For example: if I am from the US, then only US-related data instances should be visible in this delegated table. If I am from the UK, then UK data instances should be visible, and so on.

I am trying to achieve this with an ABAC READ policy on Org-Div-App-Data-Config to avoid creating policies on the child classes.

Problem: 

The policy works fine with a SINGLE filter condition in the Access Control Policy Condition. But if I have more than one condition in the logic, I would like to grant full access for Super Admin users to see all country data. I created an Access When rule to check whether the access group is Admin or not. But when I REFERRED to the additional Access When rule, ALL report definitions started throwing the error below.

Error:

An error occured on generating the query for the report definition - null

But when I keep only one filter in the policy rule, the RD works fine, but this does not satisfy my requirement to allow full READ access to Super Admin for all 25+ data classes.

I have attached images.

Please share your thoughts. Is there something I am missing here? Thx.

***Edited by Moderator: Pallavi to change content type from Discussion to Question***

***Edited by Moderator Marissa to update Product and Version; update Platform Capability Tags***
