PDP based on multiple columns

Each row of my data can identify a type of transaction up to 6 different ways. 

Example shortened to 3 transaction type columns: 

combo pkg199giftcardretailfood


I want to create a PDP policy that allows a group to view all food type transactions.  The policy would need to say if column1='food' or column2='food' or column3='food' then allow Food group.  I tried creating a policy for each column allowing the Food group but PDP is treating the policies as an AND and not displaying any data unless all columns on a row contain 'food'.  I can create a second policy on column1 for column1='retail' and allow the 'food' group which will then create a policy of column1='food' or 'retail' allow Food group.  Any ideas how I can apply PDP across multiple columns? 


Thank you.



  • When we have something like this with an 'Or' situation on permissioning we end up scripting it so that multiple policies get created for the same person or group. So the update script might look like this for you:


    target_ds      policy_name    delete_options    policy_column    user_group    value
    (datasetid) Group_col1 update column4 food_group food
    (datasetid) Group_col2 update column5 food_group food
    (datasetid) Group_col3 update column6 food_group food


    This way each column will have it's own grant permission and you group will be able to anything with the 'food' in that row of data.


    Hope that helps. Let me know if you have any questions,



    **Please mark "Accept as Solution" if this post solves your problem
    **Say "Thanks" by clicking the "heart" in the post that helped you.


  • The security policy was not working as expected on Friday but now is working.  When you say update script - is this an update dataflow or is there a scripting tool that will allow me to build and maintain security policies across multiple datasets?  Doing it manually through the UI is very tedious and would love to have another option if possible.


    Thank you.