One Of and All Of conditions
The One Of condition and the All Of condition specify how to compare the multivalue attributes between the user and the object that the user requests, in order to determine whether to grant access. You can create attributes on cases to determine who is authorized to access the case.
One Of condition – Requires one of the values in the object's property to match the subject's property.
For example, if a case has an attribute value "Red,Green", then the user with the attribute value "Red" or "Red,Yellow" is granted access. If the user has the attribute value "Purple,Brown", then access is denied. The order of the values is irrelevant.
All Of condition – Requires all values in the object's property to match the subject's property. The subject can have more, but not fewer values.
For example, if a case has an attribute value "Red,Green", then the user with the attribute value "Red,Green" or "Red,Green,Yellow" is granted access. If the user has the attribute value "Red,Blue", the access is denied.
Previous topic Storage of operator security attributes Next topic Access control policy condition performance