Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Creating an access control policy condition

Updated on March 15, 2022

You can define a set of conditions and comparison logic that you want to evaluate to grant access to an object.

Using the Data Access tab, you can build complex authorization models in which access restrictions for a class depend on the attributes that are present in the associated and indexed classes, along with the attributes in the current class. The Data Access tab is read-only, and any information that is displayed on the tab is input into the Column source field.
Before you begin:

You must have the pzCanManageSecurityPolicies privilege, which is included in the PegaRULES:SecurityAdministrator role.

  1. In the navigation pane of Dev Studio, click Records.
  2. Expand the Security category, and then click Access Control Policy Condition.
  3. Click Create.
  4. In the Label field, enter the policy condition name.
  5. In the Context section, in the Apply to (class) field, press the Down arrow key, and then select the rule to which the policy condition applies.
  6. In the Add to ruleset field, select a ruleset.
  7. Click Create and open.
  8. Optional: To configure a filter logic string for the condition, click Add conditional logic, and then define the logic:
    1. On the Definition tab, in the Conditional logic section, click Add conditional logic for situations where you need to apply different logic.
    2. In the WHEN field, enter an Access When rule that evaluates whether the conditional logic should be used.
    3. Optional: To enforce a policy condition, in the adjacent field, enter a filter logic string to apply when the Access When rule evaluates to true.
      When the set of filters to be applied in an Access Control Policy Condition rule is determined conditionally by using Access When rules, leave the filter logic entry blank if you want to enforce no policy condition at all, for example, for certain highly privileged users.
    4. In the OTHERWISE field, enter the filter logic string that is used when all the when rules evaluate to false.
  9. On the Definition tab, in the Policy Conditions section, in the Condition field, enter a condition name.
  10. In the Column source field, press the Down Arrow key and select a property from the Apply To class from the list.

    Use the Column source field to add content from the Applies to, associations and declarative index classes in your policy conditions. When you select Applies to, associations and declarative index classes, this information auto-populates on the Data Access tab.

  11. In the Relationship list, click the comparison logic appropriate for the evaluated attribute type.
    For Numeric attributes:
    AttributeBehavior
    Is equalThe Apply To property value and comparison value are equal.
    Is not equalThe Apply To property value and comparison value are not equal.
    Is greater thanThe Apply To property value is greater than the comparison value.
    Is greater than or equal toThe Apply To property value is greater than or equal to the comparison value.
    Is less thanThe Apply To property value is lower than the comparison value.
    Is less than or equal toThe Apply To property value is lower than or equal to the comparison value.
    For String attributes:
    AttributeBehavior
    Is equalThe Apply To property value and comparison values are equal. The comparison value can be a single value or a comma-delimited list.
    Is not equalThe Apply To property value and comparison value are not equal.
    All ofBoth the Apply To property value and the comparison value are strings that consist of a comma-delimited list.

    The list does not contain any spaces within the string (except for spaces within a value), for example: “Brazil,Canada,France,Germany,South Africa,UK,USA”.

    The condition is satisfied if every element of the list within the Apply To property value is also an element in the list within the comparison value.

    One of Both the Apply To property value and the comparison value are strings that consist of a comma-delimited list.

    There should be no spaces within the string (except for spaces within a value), for example: “Brazil,Canada,France,Germany,South Africa,UK,USA”.

    The condition is satisfied if at least one element of the list within the Apply To property value is also an element in the list within the comparison value.

    For all attributes:
    AttributeBehavior
    Is nullThe Apply To property value is null.
    Is not nullThe Apply To property value is not null.
    Note: If you select Is null or Is not null in the Relationship field, the Treat Empty As Null check box is automatically selected, which means that even empty values are considered null.
  12. In the Value field, enter the comparison values that you want the condition to check.
    If you select Is null or Is not null in the Relationship field, the Value field is not active.
  13. Optional: To define additional conditions, click Add Condition and repeat steps 7 through 10.
  14. Optional: For multiple conditions, to define more complex Boolean operations, complete the Conditional Logic field.
    By default, multiple conditions are combined by using the AND operator.
  15. Click Save.
  • Previous topic Configuring encryption for properties in embedded classes
  • Next topic Access Control Policy Condition rule

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us