Verifying access control policies

Note: The following content, referenced from Pega Community, is included here to help you better achieve the module learning objectives.

You can verify access control policies by testing whether they grant or deny access to a specific case for a specific user. Verifying a policy shows whether a user has the required access to a case, so that you can decide whether the policy needs to change.

Before you begin:
  • To view the Policy Verification landing page, you must have the pzCanManageSecurityPolicies privilege, which is included in the PegaRULES:SecurityAdministrator role.

  1. In Dev Studio, click Configure > Org & Security > Authorization > Policy-Based Access > Policy Verification.

  2. In the Target class field, press the Down Arrow key, and then select the class to which the policy applies.

  3. In the Action list, select an action to verify in the policy.

  4. If the target class is a Work- class, then in the Case ID field, enter a case ID to verify in the policy.

  5. If the target class is a Data- class, then in the Class keys section, enter an ID of a data type (data instance ID) to verify the policy, for example, an employer's name.

  6. In the Operator Id field, press the Down Arrow key, and then select a user to evaluate against the policy.

  7. If an operator has more than one access group, in the Access Group list, select the access group that the policy should verify.

  8. Click Verify policies.

  9. Review the results, and then update the policy as needed.

    Note: If there are no results for the user, click Create policy to add a policy to the target class.
    1. In the Actions column, click View policy condition results to display the condition logic that is used in the policy.

    2. In the Status column, review whether the operator has passed or failed each condition.

    3. To update the policy, in the Actions column, click Open policy.

  • Attribute-based access control

    You can restrict the ability of a user to view, modify, and delete instances of classes, or properties within classes. Use attribute-based access control (ABAC) to enforce row-level and column-level security in your application, restricting access to cases and properties.

  • Creating an access control policy condition

    You can define a set of conditions and comparison logic to be evaluated to grant access to an object.

  • Masking property visibility for users

    You can restrict access to values of one or more properties by using a property-level access control policy. By using various masking options in the access control policy, you can display partial information about a value to users who are not allowed to see the full value.
