Posted: 19 Mar 2019 6:09 EDT Last activity: 25 Mar 2019 9:34 EDT
Access Policy Condition
What is the role of access policy conditions in processing a standard agent.
In our project we have an advanced agent which queues up and then a standard agent to create case from it. But we are facing the issue from Access Policy Conditions where it is failing and the Scheduled tasks are going to broken process.
In our access policy conditions we have to two conditions:
1) Checks the access role of user and some other properties.
2) Second one is the Otherwise condition which is linked to .pxApplication to our Application.
I see in tracer agent is failing because of this access policy, once I remove the access policy the agent is working fine. In tracer it is failing in report definition which is called from the agent activity. Report activity step 33.
Could you please tell me why the agent is executing the access policy conditions and if so then why it's not going to the second condition i.e. the other wise condition.
We are using 7.2.2. Attached is the Access When rule that we are using.We have this attached Access when in the Access control Policy where we are checking with Policy Condition .User = OperatorID.Eid. Here we are setting property .User while case creation and Eid is something like an employee id/unique id.
We have the access control policy action as "Read".
Apart from this Access When we have Otherwise condition as .pxApplication = "OurApplication".
In your Access Control Policy condition you may need to add a condition to allow Batch requestors to process the case. Since Agent is will run as a batch requestor, it would need to be explicitly mentioned in the condition.
There is an existing rule "IsBatchRequestor" which you can reuse.
I am not able to visualize based on the description you have given. it would be great if you can share some screenshots.
Also what I would suggest is, dont use Access Groups to compare. If possible go for Roles. You can then use OOTB rules HaveRoles function to check if the user is authorized or not. For long term benefits, its always better to use roles and not access groups.