PDP based on multiple columns

cwolman

Each row of my data can identify a type of transaction up to 6 different ways. 

Example shortened to 3 transaction type columns: 

cheeseburger	1	5.25	food
t-shirt	1	9.99	retail
combo pkg	1	99	giftcard	retail	food

 

I want to create a PDP policy that allows a group to view all food type transactions.  The policy would need to say if column1='food' or column2='food' or column3='food' then allow Food group.  I tried creating a policy for each column allowing the Food group but PDP is treating the policies as an AND and not displaying any data unless all columns on a row contain 'food'.  I can create a second policy on column1 for column1='retail' and allow the 'food' group which will then create a policy of column1='food' or 'retail' allow Food group.  Any ideas how I can apply PDP across multiple columns? 

 

Thank you.

Valiant

When we have something like this with an 'Or' situation on permissioning we end up scripting it so that multiple policies get created for the same person or group. So the update script might look like this for you:

 

target_ds      policy_name    delete_options    policy_column    user_group    value
(datasetid)    Group_col1     update            column4          food_group    food
(datasetid)    Group_col2     update            column5          food_group    food
(datasetid)    Group_col3     update            column6          food_group    food

 

This way each column will have it's own grant permission and you group will be able to anything with the 'food' in that row of data.

 

Hope that helps. Let me know if you have any questions,

Valiant

 

**Please mark "Accept as Solution" if this post solves your problem
**Say "Thanks" by clicking the "heart" in the post that helped you.

 

cwolman

The security policy was not working as expected on Friday but now is working.  When you say update script - is this an update dataflow or is there a scripting tool that will allow me to build and maintain security policies across multiple datasets?  Doing it manually through the UI is very tedious and would love to have another option if possible.

 

Thank you.