By default, when creating a Task, access is inherited from the parent entity. If your security policy does not include rules for Requests, Tasks created from Requests may not have the expected access for analysts.
To grant read access to requests based on Group Association:
RULE "Requests Read"
IF
attribute "Group" match
AND resource type equal "request"
THEN
GRANT "entity.read"
You can also use an attribute like Task Status to grant access only when a task has been submitted:
RULE "Tasks RW"
IF
attribute "Group" match
AND resource type equal "task"
AND resource attribute "Task Status" in "Submitted"
THEN
grant "entity.write"
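A simplified Python model of how the two rules above combine, added here as an illustration; it is not the product's policy engine. It assumes that "match" means the user and the resource share a Group value and that a task also receives the grants evaluated against its parent entity; the group name "SOC" and the "Draft" status are constructed sample values.

```python
# Simplified model; assumptions, not the product's engine: "match" means the user
# and resource share a Group value, and a task also gets its parent's grants.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Resource:
    rtype: str                            # "request" or "task"
    attrs: dict                           # resource attributes, e.g. Group, Task Status
    parent: Optional["Resource"] = None   # entity the task was created from

@dataclass
class Rule:
    name: str
    rtype: str
    grant: str
    conditions: dict = field(default_factory=dict)  # resource attribute -> allowed values

    def applies(self, user, res):
        if res.rtype != self.rtype:
            return False
        group = user.get("Group")
        if group is None or group != res.attrs.get("Group"):
            return False
        return all(res.attrs.get(k) in allowed for k, allowed in self.conditions.items())

REQUESTS_READ = Rule("Requests Read", "request", "entity.read")
TASKS_RW = Rule("Tasks RW", "task", "entity.write", {"Task Status": {"Submitted"}})

def grants(rules, user, res):
    """Permissions granted on res itself plus those inherited from its parents."""
    found = set()
    while res is not None:
        found |= {r.grant for r in rules if r.applies(user, res)}
        res = res.parent
    return found

# Constructed sample data.
analyst = {"Group": "SOC"}
request = Resource("request", {"Group": "SOC"})
draft_task = Resource("task", {"Group": "SOC", "Task Status": "Draft"}, parent=request)
submitted_task = Resource("task", {"Group": "SOC", "Task Status": "Submitted"}, parent=request)

if __name__ == "__main__":
    for label, rules in (("task rule only", [TASKS_RW]),
                         ("request + task rules", [REQUESTS_READ, TASKS_RW])):
        for name, task in (("draft", draft_task), ("submitted", submitted_task)):
            print(f"{label:22} {name:10} {sorted(grants(rules, analyst, task))}")
```

With only the task rule in the policy, the draft task yields no grants at all, which is the gap the first paragraph describes.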