Posted: 25 Feb 2018 22:51 EST Last activity: 25 Feb 2018 22:51 EST
Query on attribute based access control (ABAC) - from LSA course content
Hello, Can any of you please elaborate the following limitations of the ABAC authorization configuration?
Access control policies defined on Data- classes are not enforced in search queries ( Search queries??? )
Only read policies are enforced in custom SQL. (does this mean, update/delete using an RDB query would work even if RBAC config doesn't allow update/delete?)
Advanced search queries (for example, search queries that reference specific properties such as pxObjClass:Work-MyProperty AND CustomerName:MyCorp) are not allowed when access control policies are defined on any Assign-, Data-, or Work- classes.