Posted: 8 Dec 2017 3:36 EST Last activity: 12 Dec 2017 1:29 EST
Access Control Policy Condition to compare the value of a property with that of a page list
I have a requirement to use ABAC to control opening of Work- and Assign- instances in the Manager Portal .
I want to build my access control policy condition such that it checks for the value of a property in the case with that of the one value in a data page which is of type list . If any value in data page matches with that of the value in the property , then i want to return true . I checked the conditions but all of them are related to string comparison , how to compare it . Also I want to know the dss setting which we have to change to enable or disable ABAC in pega.
You should set the Dynamic System Setting EnableAttributeBasedSecurity to true to enable ABAC on the system.
For your requirement, you can create a declare expression to set the value on the original Data Page's top level property (comma separated values of the each page list entry) and use that property in the RHS of the Access control policy condition. Other approach is to create a new Data Page that programmatically iterates over the original Data Page and sets the value on the new Data Page's top level property. Then you can use the new Data Page in the Access Control Policy Condition. Values should be comma separated in either cases. (Ex: "Value1,Value2,Value3")
Posted: 3 years ago
Updated: 3 years ago
Posted: 9 Dec 2017 9:39 EST Updated: 11 Dec 2017 5:17 EST
I have created a Access Control and Policy and referred an Access Control Policy Condition inside it . Irrespective of my condition is returning true or false , when I try to open a case from dashboard I am getting the below error. I am attaching the screenshot of the configuration , could you please check and let me know if I am doing correctly.
The work object DMORG-DMSAMPLE-WORK AC-5 could not be opened: You are not authorized to open instance DMORG-DMSAMPLE-WORK AC-5** Access Control Policy denied access for class DMOrg-DMSample-Work-ApplicationConfiguration and action Open. UID is 1512830109469
I used a data page where I stored the values as comma separated in one of the property and tried to compare the property in my assignment against the comma separated data page property but it's not working . Please refer to the attached screen shot.