Support Article
Unable to create Case from interaction with ABAC Write enabled
SA-76564
Summary
Unable to create a Service case from an Interaction case when the Attribute-based access control (ABAC) Read policy fails though the Write access is enabled.
Error Messages
You are not authorized to open instance XXX** Access Control Policy denied access for class XXX-XXX and action Open.
Steps to Reproduce
- Enable ABAC restrictions.
- Create an Access Control policy with only Read restrictions for a specific case type.
- Enable the Write access.
- Open an Interaction case which is at the Triage stage.
- Create a Service case from this Interaction case.
Root Cause
Service case is created; however, it is not linked to the Interaction case. The pzCreateCaseFromInteraction activity invoked the pxLinkAttachmentToCase. In the pxLinkAttachmentToCase activity, the first step is to open (Obj-Open) the case to verify if it is a valid case. As a result, the ABAC read is evaluated. Since, the ABAC Read condition is not satisfied, error displays on the screen.
Resolution
Perform the following local-change:
- Save As the pzCreateCaseFromInteractionCase activity to a different name.
- Call the linkAttachments instead of pxLinkAttachmentstoCase which does not perform the Obj-Open.
- Call pzCreateCaseFromInteractionCase from the pyCreateCaseFromTriage activity.
Published April 2, 2019 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.