Question
Bank Of America
IN
Last activity: 10 Aug 2021 15:50 EDT
Securing Applications ABAC
Securing an application using attribute-based access control | Pega Academy
I have few observations from this lesson hope the forum might be able to help me understand these concepts.
As per lesson it was mentioned ABAC is more granular and applies restriction with row and column based checks.
for me row is a workobject or data object instance and column is a exposed property in a table mapped to object.
so in this example scenario we are verifying if the user belongs to HR or recruitment department and also checking if the create operator value is present in record.
however when I tested the table it is abstract in nature.
TGB-HRApps-Data-Candidate--Abstract.
if that is case how did policy condition allowed us to use pxcreateoperator in its configuration.
second it also made me think when is it best to maintain abstract class and concreate class in system and in which layer would make it more flexible.
generally in my thoughts i prefer keeping abstract class a)in frame works to support inheritance
b)In integration layer to support mapping.
however i see in implementation layer also do we keep abstract class if so what is the rationality or logic of deciding that factor.
Securing an application using attribute-based access control | Pega Academy
I have few observations from this lesson hope the forum might be able to help me understand these concepts.
As per lesson it was mentioned ABAC is more granular and applies restriction with row and column based checks.
for me row is a workobject or data object instance and column is a exposed property in a table mapped to object.
so in this example scenario we are verifying if the user belongs to HR or recruitment department and also checking if the create operator value is present in record.
however when I tested the table it is abstract in nature.
TGB-HRApps-Data-Candidate--Abstract.
if that is case how did policy condition allowed us to use pxcreateoperator in its configuration.
second it also made me think when is it best to maintain abstract class and concreate class in system and in which layer would make it more flexible.
generally in my thoughts i prefer keeping abstract class a)in frame works to support inheritance
b)In integration layer to support mapping.
however i see in implementation layer also do we keep abstract class if so what is the rationality or logic of deciding that factor.
Note: one size doesn't fit all as one solution doesn't fit all, the reason for asking this question is to understand the design behind this HR data layer design.