I have a requirement to enable delegation on a data type but this data type contains a lot more records than we'd like to give to the business. Is it remotely possible to pre-filter the delegated rule so that we only show the business the records that we want to allow them to change?
BTW we are running 8.6.2.
***Edited by Moderator: Pooja Gadige to add capability tag***
@CraigA52 If you are looking for restrictions on read and update operations on the records/instances that user is allowed to.
We can achieve it by implementing ABAC rules for the class that is delegated. Create Access Control Policy and Access Control Policy Conditions for Read and Update. Define Access When rules per requirement and configure them on the Access Control Policy Condition.
Posted: 1 year ago
Posted: 9 Dec 2021 11:22 EST
Craig Armstead (CraigA52)
Lets say we have a persona A who works for Team A, and we want to restrict to display the certain records related only.
We can define a column to configure Persona/have a flag CanBusinessAccess in the delegated table and use it to check against the logged in operator's persona and grant Read/Update access to the data instances using the Access Control Policy Conditions.
This can be extended to any other fields available on the operator record like AG/WG(Teams)/Skill or use a configurable table to configure the operator's access and use it in the ABAC through a data page.