Create Path Conditions
You can create path condition filters. Each identifies one or more specific paths to access points. Such a condition filter may either exclude its specified paths from conflicts identified by a model, or include only those paths in conflicts.
To begin, create user-defined access points. Each is, in effect, a specific path to an access point. For example, one called "Payroll Manager > Calculate Gross Earnings" might provide access to the Calculate Gross Earnings privilege through a role called Payroll Manager.
Next, optionally, create an entitlement that includes user-defined access points you want to use in path conditions.
Finally, create a condition filter, either in an access model or a global condition. You may either:
-
Select the Access Point attribute of the Access Condition business object, and a single user-defined access point as its value.
-
Select the Access Entitlement Name attribute of the Access Condition business object. As its value, select an entitlement containing user-defined access points.
For either filter, you may:
-
Select the Does Not Equal condition. Paths specified by this condition filter are excluded from the results the model can return.
-
Select the Equals condition. Paths specified by this condition filter are included in the results the model can return; any other paths are excluded.
For example, assume that a model contains an access point filter that specifies the Calculate Gross Earnings privilege. The filter returns two results: Payroll Manager > Calculate Gross Earnings and Payroll Interface Coordinator > Calculate Gross Earnings.
-
The condition "Access Point Does Not Equal 'Payroll Manager > Calculate Gross Earnings'" would cause the model to return the path through the Payroll Interface Coordinator role.
-
The condition "Access Point Equals 'Payroll Manager > Calculate Gross Earnings'" would cause the model to return the path through the Payroll Manager role.