Clarification on Case Create security restriction using ABAC
Hello PDN Team, I have the following use case. Please review and add your comments.
Use case: How to provide Case create access for only a set of users using ABAC (attribute-based access control).
To implement this, I created an Access When (e.g., to check AccessGroupA), an Access Control Policy Condition, and an Access Control Policy (selected Action = Update, as there is no action for create).
When a user doesn't belong to AccessGroupA and tries to create the case, an error message is displayed, something like below.
Access Control Policy denied access for class ABC-Work-Task and action Modify.
You are not authorized to create, modify, or lock instance ABC-Work-Task T-13
Here the case is already getting created, but the user is unable to move forward. I would expect the object itself not to be created.
We can implement this requirement using RBAC by adding a privilege on pyStartCase; however, I am interested to know if we can implement the same using ABAC without creating the case itself.
I am not sure if I am doing some misconfiguration.
Thanks for your time in reviewing and providing comments. I agree that for the case creation scenario RBAC makes sense.
The Pega Help documentation for creating an Access Control Policy has the below statement for Action selection, which is confusing. For the create case scenario, ABAC won't work.
Update - The user can create a case that meets the policy conditions or update data for such a case.
Help link :