You are here: Security > Attribute-based access control > Creating an access control policy condition

Creating an access control policy condition

You can define a set of conditions and comparison logic to be evaluated to grant access to an object.

To enforce the access control policy for All of and One of, ensure that the properties that are referenced in the Column source fields are optimized and included in returnable form in the custom search properties that are stored in the search index.

  1. In Designer Studio, click Records > Security > Access Control Policy Condition.
  2. Click +Create.
  3. In the Label field, enter the policy condition name.
  4. In the Context section, in the Apply to (class) field, press the Down Arrow key and select from a list the rule to which the policy condition applies.
  5. In the Add to ruleset field, select a ruleset.
  6. Click Create and open.
  7. Optional: Click Add conditional logic to configure a filter logic string for the condition.
    1. On the Definition tab, in the Conditional logic section, click Add conditional logic as needed to support situations where different logic needs to be applied.
    2. In the WHEN field, enter an Access When rule that evaluates whether the conditional logic should be used.
    3. In the second field, enter a filter logic string that is applied when the Access When rule evaluates to true. When the set of filters to be applied in an Access Control Policy Condition rule is determined conditionally using Access When rules, leave the filter logic entry blank if you want to enforce no policy condition at all, for example, for certain highly privileged users.
    4. In the OTHERWISE field, enter the filter logic string that is used when all of the when rules evaluate to false.
  8. On the Definition tab, in the Policy Conditions section, in the Condition field, enter a condition name.
  9. In the Column source field, press the Down Arrow key and select a property for comparison from the list.
  10. In the Relationship list, select the comparison logic appropriate for the evaluated attribute type.
    ClosedFor Numerical attributes:
    • Is equal - Work object data and target value are equal.
    • Is not equal - Work object data and target value are not equal.
    • Is greater than - Work object data is greater than the target value.
    • Is greater than or equal to - Work object data is greater than or equal to the target value.
    • Is less than - Work object data is less than the target value.
    • Is less than or equal to - Work object data is less than or equal to the target value.
    ClosedFor String attributes:
    • All of - All values on the work object data are on the list provided in the target value field.
    • One of - At least one value on the work object data is on the list provided in the target value field.
    ClosedFor all attributes:
    • Is null - The referenced property value is null.
    • Is not null - The referenced property value is not null.

    If you select Is null or Is not null in the Relationship field, the Treat Empty As Null check box is automatically selected. When Treat Empty as Null is checked, even empty values are considered null.

    If you select Is null or Is not null in the Relationship field, the Value field is not active.

  11. In the Value field, enter all the attribute values that you want the condition to check.
  12. Click Save.
Related information

Open topic with navigation