Create Path Conditions

You can create path condition filters. Each identifies one or more specific paths to access points. Such a condition filter may either exclude its specified paths from conflicts identified by a model, or include only those paths in conflicts.

To begin, create user-defined access points. Each is, in effect, a specific path to an access point. For example, one called "Payroll Manager > Calculate Gross Earnings" might provide access to the Calculate Gross Earnings privilege through a role called Payroll Manager.

Next, optionally, create an entitlement that includes user-defined access points you want to use in path conditions.

Finally, create a condition filter, either in an access model or a global condition. You may either:

• Select the Access Point attribute of the Access Condition business object, and a single user-defined access point as its value.

• Select the Access Entitlement Name attribute of the Access Condition business object. As its value, select an entitlement containing user-defined access points.

For either filter, you may:

• Select the Does Not Equal condition. Paths specified by this condition filter are excluded from the results the model can return.

• Select the Equals condition. Paths specified by this condition filter are included in the results the model can return; any other paths are excluded.

For example, assume that a model contains an access point filter that specifies the Calculate Gross Earnings privilege. The filter returns two results: Payroll Manager > Calculate Gross Earnings and Payroll Interface Coordinator > Calculate Gross Earnings.

• The condition "Access Point Does Not Equal 'Payroll Manager > Calculate Gross Earnings'" would cause the model to return the path through the Payroll Interface Coordinator role.

• The condition "Access Point Equals 'Payroll Manager > Calculate Gross Earnings'" would cause the model to return the path through the Payroll Manager role.