Question
Virtusa IT Consulting
AE
Last activity: 27 Sep 2018 7:38 EDT
Can we access data from multiple Datatables for ABAC condition?
Hi All,
We have to implement Attribute based access control based on one property (Say Prop1) which is in a multiple datatables as a associated data and has master table to identify its unique values.
Based on Prop1 we have to show the workobjects,data, reports etc specific to a user who matches with a unique value of Prop1 from other datatables.
I have done a POC on ABAC on work table using access control policy and access control policy condition rules, however in the condition I can only specify a property that is exposed in its applied to class whilst my property Prop1 comes from a different data table which has to be further filtered using joins with other data tables.
Is is possible that ABAC can support this complexity? If yes, then please let me know how. Any article would be helpful.
Thanks in Advance!
Accepted Solution
Virtusa IT Consulting
AE
Pegasystems Inc.
IN
ABAC supports data pages on the RHS side of the policy conditions. Create a data page on your data class to load the Prop1 values that can be accessed by the user. This data page should fetch the unique identifiers that link work and data.
Now you can use this data page on the RHS side of Policy condition to filter the results based on the unique identifier value present in data page.
Thanks,
Santhosh
Virtusa IT Consulting
AE
Thanks @bagas !
I agree to your point but my concern is from LHS that where we should write it? in Work class or Data class?
My concern is that Prop1 is in Data class but I have to filter the Work class instances based on values of Prop1 from data class.
Pegasystems Inc.
IN
As you mentioned, you have unique identifiers that link your work and data records. You can use that on LHS of the work class.
If I understood your requirement correctly, you have a work class that reference a data class property ex. CustomerId. This is present as a column in work table. You have a separate data table which has customer ID, CustomerRegion and other columns on it and you want to filter out the results based on columns in this table ex: CustomerRegion . Write a data page to load the customer IDs by filtering out invalid regions. Here you can use policy on Data class to get allowed results. Then you will have only CustomerIDs that you can access. No write your ABAC condition on work class based on the customer ID column which is present in your work class.
Ignore this if I my understanding is incorrect.
Thanks.
Virtusa IT Consulting
AE
Thanks Santhosh! Technically you are right but my problem is that there is no Foreign key relationship in Work table for customerID so there is no column specific to customerid in work table.
Accepted Solution
Virtusa IT Consulting
AE
Pegasystems Inc.
IN
Hi Habeeb,
You seem to have marked a reply that contains the URL of this post as the Correct Answer. Please update us if this query was answered.
Thanks!