Close popover

Table of Contents

Verifying access control policies


You can verify access control policies by testing them to see whether they grant or deny access to a specific case for a specific user. By verifying an access control policy, you can see whether a user has required access to a case, and decide whether any changes need to be made to a policy.

  • To view the Policy Verification landing page, you must have the pzCanManageSecurityPolicies privilege, which is included in the PegaRULES:SecurityAdministrator role.
  1. In Dev Studio, click Configure Org & Security Authorization Policy-Based Access Policy Verification .

  2. In the Target class field, press the Down Arrow key, and then select the class to which the policy applies.

  3. In the Action list, select an action to verify in the policy.

  4. If the target class is a Work- class, then in the Case ID field, enter a case ID to verify in the policy.

  5. If the target class is a Data- class, then in the Class keys section, enter an ID of a data type (data instance ID) to verify the policy, for example, an employer's name.

  6. In the Operator Id field, press the Down Arrow key, and then select a user to evaluate against the policy.

  7. If an operator has more than one access group, in the Access Group list, select the access group that the policy should verify.

  8. Click Verify policies.

  9. Review the results, and then update the policy as needed.

    If there are no results for the user, click Create policy to add a policy to the target class.
    1. In the Actions column, click View policy condition results to display the condition logic that is used in the policy.

    2. In the Status column, review whether the operator has passed or failed each condition.

    3. To update the policy, in the Actions column, click Open policy.

  • Attribute-based access control

    You can restrict the ability of a user to view, modify, and delete instances of classes, or properties within classes. Use attribute-based access control (ABAC) to enforce row-level and column-level security in your application.

  • Creating an access control policy condition

    You can define a set of conditions and comparison logic to be evaluated to grant access to an object.

  • Masking property visibility for users

    You can restrict access to values of one or more properties by using a property-level access control policy. By using various masking options in the access control policy, you can display partial information about a value to users who are not allowed to see the full value.

Suggest Edit

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.