One Of and All Of conditions
The One Of condition and the All Of condition specify how to compare the multivalue attributes between the user and the object that the user requests, in order to determine whether to grant access. You can create attributes on cases to determine who is authorized to access the case.
One Of condition – Requires one of the values in the object's property to match the subject's property.
For example, if a case has an attribute value "Red,Green", then the user with the attribute value "Red" or "Red,Yellow" is granted access. If the user has the attribute value "Purple,Brown", then access is denied. The order of the values is irrelevant.
All Of condition – Requires all values in the object's property to match the subject's property. The subject can have more, but not fewer values.
For example, if a case has an attribute value "Red,Green", then the user with the attribute value "Red,Green" or "Red,Green,Yellow" is granted access. If the user has the attribute value "Red,Blue", the access is denied.
- Attribute-based access control
You can restrict the ability of a user to view, modify, and delete instances of classes, or properties within classes. Use attribute-based access control (ABAC) to enforce row-level and column-level security in your application.
- Creating an access control policy condition
You can define a set of conditions and comparison logic to be evaluated to grant access to an object.