PBAC Membership policies are policies you create to specify the conditions under which an EmpowerID actor, such as a person or a Business Role and Location can be added to or potentially added to Management Roles, groups, Business Roles and Locations, or Query-Based Collections. PBAC Membership policies are comprised of Attribute-Based membership policies, which contain rules defining the field types, field type values, and rights needed by users for the system to add them to the target of the policy. In this article, we discuss the components of PBAC Membership policies and how to create and use them.
...
PBAC Membership policies can be created in two different ways: They can be created on the View One pages of the roles, groups, and collections that are the target of the policy and they can be created globally on the Role Modeling Inbox page of EmpowerID. In the below example, we demonstrate how to create a policy on the Role Modeling Inbox page.
...
Now that the policy is created, the next step is to define the conditions needed for users to be added to the policy target. You do this by add adding rules to it to .
Step 2 - Add Attribute Conditions to the policy
...
| Info |
|---|
When adding multiple rules to a policy you create an AND condition. In order to qualify for the target, users need to meet all conditions. If you want to create an OR condition where users only need to meet one of multiple conditions, you would need create a separate policy for each condition. |
...
...
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|