Creating an access control policy condition

You can define a set of conditions and comparison logic that you want to evaluate to grant access to an object.

Using the Data Access tab, you can build complex authorization models in which access restrictions for a class depend on the attributes that are present in the associated and indexed classes, along with the attributes in the current class. The Data Access tab is read-only, and any information that is displayed on the tab is input into the Column source field.

You must have the pzCanManageSecurityPolicies privilege, which is included in the PegaRULES:SecurityAdministrator role.

  1. In the navigation pane of Dev Studio, click Records.

  2. Expand the Security category, and then click Access Control Policy Condition.

  3. Click Create.

  4. In the Label field, enter the policy condition name.

  5. In the Context section, in the Apply to (class) field, press the Down arrow key, and then select the rule to which the policy condition applies.

  6. In the Add to ruleset field, select a ruleset.

  7. Click Create and open.

  8. Optional:

    To configure a filter logic string for the condition, click Add conditional logic, and then define the logic:

    1. On the Definition tab, in the Conditional logic section, click Add conditional logic for situations where you need to apply different logic.

    2. In the WHEN field, enter an Access When rule that evaluates whether the conditional logic should be used.

    3. Optional:

      To enforce a policy condition, in the adjacent field, enter a filter logic string to apply when the Access When rule evaluates to true.

      When the set of filters to be applied in an Access Control Policy Condition rule is determined conditionally by using Access When rules, leave the filter logic entry blank if you want to enforce no policy condition at all, for example, for certain highly privileged users.
    4. In the OTHERWISE field, enter the filter logic string that is used when all the Access When rules evaluate to false.

  9. On the Definition tab, in the Policy Conditions section, in the Condition field, enter a condition name.

  10. In the Column source field, press the Down arrow key, and then select a property of the Apply To class from the list.

    Use the Column source field to add content from the Applies to, associations and declarative index classes in your policy conditions. When you select Applies to, associations and declarative index classes, this information auto-populates on the Data Access tab.

  11. In the Relationship list, click the comparison logic appropriate for the evaluated attribute type.

    For Numeric attributes:

    | Attribute | Behavior |
    | --- | --- |
    | Is equal | The Apply To property value and comparison value are equal. |
    | Is not equal | The Apply To property value and comparison value are not equal. |
    | Is greater than | The Apply To property value is greater than the comparison value. |
    | Is greater than or equal to | The Apply To property value is greater than or equal to the comparison value. |
    | Is less than | The Apply To property value is lower than the comparison value. |
    | Is less than or equal to | The Apply To property value is lower than or equal to the comparison value. |

    For String attributes:

    | Attribute | Behavior |
    | --- | --- |
    | Is equal | The Apply To property value and comparison values are equal. The comparison value can be a single value or a comma-delimited list. |
    | Is not equal | The Apply To property value and comparison value are not equal. |
    | All of | Both the Apply To property value and the comparison value are strings that consist of a comma-delimited list. The list does not contain any spaces within the string (except for spaces within a value), and all elements in the list are capitalized, for example BRAZIL,CANADA,FRANCE,GERMANY,SOUTH AFRICA,UK,USA. The condition is satisfied if every element of the list within the Apply To property value is also an element in the list within the comparison value. |
    | One of | Both the Apply To property value and the comparison value are strings that consist of a comma-delimited list. There should be no spaces within the string (except for spaces within a value), and all elements in the list must be capitalized, for example BRAZIL,CANADA,FRANCE,GERMANY,SOUTH AFRICA,UK,USA. The condition is satisfied if at least one element of the list within the Apply To property value is also an element in the list within the comparison value. |

    For all attributes:

    | Attribute | Behavior |
    | --- | --- |
    | Is null | The Apply To property value is null. |
    | Is not null | The Apply To property value is not null. |

    If you select Is null or Is not null in the Relationship field, the Treat Empty As Null check box is automatically selected, which means that even empty values are considered null.
  12. In the Value field, enter the comparison values that you want the condition to check.

    If you select Is null or Is not null in the Relationship field, the Value field is not active.
  13. Optional:

    To define additional conditions, click Add Condition and repeat steps 7 through 10.

  14. Optional:

    For multiple conditions, to define more complex Boolean operations, complete the Conditional Logic field.

    By default, multiple conditions are combined by using the AND operator.
  15. Click Save.
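
The String relationships in step 11 and the WHEN/OTHERWISE selection in step 8 can be modeled to test comparison values before you enter them. The following Python model is an added example, not Pega code: function names, property names, and sample values are hypothetical. It assumes that Is equal with a list means "equals any element", that the first true WHEN wins, and that only the default AND combination is used.

```python
# Added illustration, not Pega code: a small model of the relationship
# semantics and WHEN/OTHERWISE selection described in the steps above.

def parse_list(value):
    """Split a comma-delimited string; elements are not trimmed or case-folded."""
    return value.split(",") if value else []

def lint_list(value):
    """Return elements that break the documented format (padding, lower case, empty)."""
    return [e for e in parse_list(value) if e != e.strip() or e != e.upper() or not e]

def is_null(value, treat_empty_as_null=True):
    return value is None or (treat_empty_as_null and value == "")

def evaluate(relationship, prop, comparison=None):
    """Evaluate one policy condition against an Apply To property value."""
    if relationship == "Is null":
        return is_null(prop)
    if relationship == "Is not null":
        return not is_null(prop)
    if relationship == "Is equal":  # assumption: a list means "equals any element"
        return prop in parse_list(comparison)
    if relationship == "Is not equal":
        return prop != comparison
    have, allowed = set(parse_list(prop)), set(parse_list(comparison))
    if relationship == "All of":  # in this model an empty property list passes vacuously
        return have <= allowed
    if relationship == "One of":
        return bool(have & allowed)
    raise ValueError(f"unknown relationship: {relationship}")

def select_logic(when_rules, otherwise):
    """Pick the filter logic of the first WHEN that is true (ordering is an assumption)."""
    for when_result, logic in when_rules:
        if when_result:
            return logic
    return otherwise

def grants(logic, conditions, record):
    """Blank logic enforces nothing; otherwise AND all conditions (the default)."""
    if not logic:
        return True
    return all(evaluate(rel, record.get(col), val) for col, rel, val in conditions)

# Constructed sample data (hypothetical property names and values).
CONDITIONS = [("Countries", "All of", "BRAZIL,CANADA,SOUTH AFRICA,UK"),
              ("Region", "Is not null", None)]
RECORD_OK = {"Countries": "CANADA,SOUTH AFRICA", "Region": "EMEA"}
RECORD_PADDED = {"Countries": "CANADA, SOUTH AFRICA", "Region": "EMEA"}
```

In this model `RECORD_PADDED` fails the All of condition because of the space after the comma, and `lint_list` reports the offending element. A blank filter logic chosen by a true WHEN grants access regardless of the conditions, so review the Access When rule that guards it as carefully as the conditions themselves.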
