Defining The Authorization Scheme exercise
Hi all,
Question about Access Control Policy Condition
In "Show exercise steps" there is a description of HasEventReadAccess along with a screenshot:
I don't understand why the D condition is such - it's every time true due to .pxCreateOperator is not null definitely. It means that OTHERWISE condition will return true every time. Why not just leave the field blank?
Thanks,
Basil
American Express
US
What is the guarantee that .pxCreateOperator is not null definitely? I think it is mainly about building resilient systems.
BPM Company
NL
Sorry for almost-1-year-late reply :)
My question was not about technical logic of implementation (of course, building resilient systems is important), but more about business logic - seems that all logic before D allows access to read an event to only specific set of roles in system (Manager, Executives etc), but the last condition just throw all conditions out and allows it to everyone (except the ones who has pxCreateOperator empty by some technical issue)