You can verify access control policies by testing them to see whether they grant or deny access to a specific case for a specific user. By verifying an access control policy, you can see whether a user has required access to a case, and decide whether any changes need to be made to a policy.
- To view the Policy Verification landing page, you must have the pzCanManageSecurityPolicies privilege, which is included in the PegaRULES:SecurityAdministrator role.
- In Dev Studio, click Configure Org & Security Authorization Policy-Based Access Policy Verification .
- In the Target class field, press the Down Arrow key, and then select the class to which the policy applies.
- In the Action list, select an action to verify in the policy.
- If the target class is a Work- class, then in the Case ID field, enter a case ID to verify in the policy.
- If the target class is a Data- class, then in the Class keys section, enter an ID of a data type (data instance ID) to verify the policy, for example, an employer's name.
- In the Operator Id field, press the Down Arrow key, and then select a user to evaluate against the policy.
- If an operator has more than one access group, in the Access Group list, select the access group that the policy should verify.
- Click Verify policies.
Review the results, and then update the policy as needed.
Note: If there are no results for the user, click Create policy to add a policy to the target class.
- In the Actions column, click View policy condition results to display the condition logic that is used in the policy.
- In the Status column, review whether the operator has passed or failed each condition.
- To update the policy, in the Actions column, click Open policy.