Close popover

Table of Contents

One Of and All Of conditions

Version:

The One Of condition and the All Of condition specify how to compare the multivalue attributes between the user and the object that the user requests, in order to determine whether to grant access. You can create attributes on cases to determine who is authorized to access the case.

  • One Of condition – Requires one of the values in the object's property to match the subject's property.

    For example, if a case has an attribute value "Red,Green", then the user with the attribute value "Red" or "Red,Yellow" is granted access. If the user has the attribute value "Purple,Brown", then access is denied. The order of the values is irrelevant.

  • All Of condition – Requires all values in the object's property to match the subject's property. The subject can have more, but not fewer values.

    For example, if a case has an attribute value "Red,Green", then the user with the attribute value "Red,Green" or "Red,Green,Yellow" is granted access. If the user has the attribute value "Red,Blue", the access is denied.

  • Attribute-based access control

    You can restrict the ability of a user to view, modify, and delete instances of classes, or properties within classes. Use attribute-based access control (ABAC) to enforce row-level and column-level security in your application.

  • Creating an access control policy condition

    You can define a set of conditions and comparison logic to be evaluated to grant access to an object.

Suggest Edit

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.