SrinivasS2132 Member since 2017 6 posts
Posted: 9 months ago
Last activity: 9 months 2 weeks ago

Clarification on Case Create security restriction using ABAC

Hello PDN Team, I have following use case, Please review and and your comments.

Use case : How to provide Case create access for only set of users using ABAC (Attribute based access control).

To implement this, I Created a Access When (Ex. To check AcessGroupA) , Access control Policy condition and Access Control policy (Selected Action = Update as there is no action for create).

When a user doesn't belongs to AccessGroupA and try to create the case an error message getting displayed something like below.

Access Control Policy denied access for class ABC-Work-Task and action Modify.
You are not authorized to create, modify, or lock instance ABC-Work-Task T-13

Here case is already getting created but user unable to move forward. I would expect object itself not created.

We can implement this requirement using RBAC by adding privilege on pyStartCase however i am interested to know if we can implement the same using ABAC without creating case itself.

I am not sure if i am doing some misconfiguration.


Share this page LinkedIn