Use "Or" clause in PDP policy

Most of the records we use for reporting have multiple people that should have access to those records.  When creating a PDP policy, it would be really, really helpful if we could use an "or" clause (or something like an "or" clause" to create a policy that allows the user to see a record if a certain value associated with that user (ex: employee number) was found in column A of the dataset... or in column B of the dataset.

 

That would greatly simplify the setup of PDP policies and make it much more streamlined and easier to maintain for us.

 

** This would be especially helpful with the new dynamic PDP policies against trusted attributes.

 

thanks,
Jeff H.

Tagged:
7
7 votes

· Last Updated

Comments

  • Couldn’t you just write two policies? One for column A and one for B.


    ______________________________________________________________________________________________
    “There is a superhero in all of us, we just need the courage to put on the cape.” -Superman
    ______________________________________________________________________________________________
  • Yes... we can accomplish what we need with the current setup. However, in situations where there might be 5 different people who need access to a record of data through 5 different columns on the dataset... that is 25 different policies.  We already have dozens and dozens of datasets with tens of thousands of policies per dataset... running our pdp policies every morning is very time consuming and a little fragile.

     

    Being able to handle the above situations with a single policy with several "or" statements would just be cleaner.

     

    With the new-ish dynamic pdp policy setup, we are hoping that is going to help minimize policies... but until they roll out the ability for us to create additional trusted attributes, we won't be able to fully utilized that.

     

    But yes... we can accomplish what we need now, it just isn't very pleasant ?

     

    thanks,
    Jeff H.

This discussion has been closed.