Verifying access control policies

You can verify access control policies by testing whether they grant or deny access to a specific case for a specific user. By verifying an access control policy, you can see whether the policy needs changes, or whether a user has the required access to a case.

Before you begin: 
  • Ensure that attribute-based access control is enabled. For more information, see Enabling attribute-based access control.
  • To view the Policy Verification landing page, you must have the pzCanManageSecurityPolicies privilege, which is included in the PegaRULES:SecurityAdministrator role.
  1. In Dev Studio, click Configure > Org & Security > Authorization > Policy-Based Access > Policy Verification.

  2. In the Target class field, press the Down Arrow key, and then select the class to which the policy applies.

  3. In the Action list, select an action to verify in the policy.

  4. If the target class is a Work- class, then in the Case ID field, enter a case ID to verify in the policy.
  5. If the target class is a Data- class, then in the Class keys section, enter an ID of a data type (data instance ID) to verify the policy, for example, an employer's name.
  6. In the Operator Id field, press the Down Arrow key, and then select a user to evaluate against the policy.

  7. If an operator has more than one access group, in the Access Group list, select the access group that the policy should verify.

  8. Click Verify policies.

  9. Review the results, and then update the policy as needed.

    Note: If there are no results for the user, click Create policy to add a policy to the target class.
    1. In the Actions column, click View policy condition results to display the condition logic that is used in the policy.

      In the Status column, review whether the operator has passed or failed each condition.

    2. To update the policy, in the Actions column, click Open policy.