COE security Policy | How to deal with overlapping Policies
01-06-2025 02:39 AM
I've just implemented COE security Policies into my Instances and I've had no issues so far.
But now we've received a new requirement.
There should be 2 Policies, both applied on sn_hr_core_case.
One is a general HR Agent Policy, which allows HR agents to read/write on all cases.
And a 2nd one which allows Assistants to only read specific HR cases related to their department.
Now I've got the issue that some HR Agents are also Assistants, and now when they try to interact with the HR cases they can no longer see all cases. They can only see the related cases.
Because of other processes, I cannot simply remove the Assistant Group from the User.
Is there any way to set a priority with overlapping COE, or any way to disable the 2nd COE for a specific Group, like excluding a group, so the User still has access to all cases?
Thank you in Advance
01-06-2025 07:34 AM
Hi @MisterSimon
Yes, there are two main approaches to handle this overlapping COE policy scenario:
1. Use Policy Weights
- Add a weight parameter to your policies
- Higher weight policies take precedence
- Example:
policy.weight = 1000; // HR Agent policy (higher priority)
policy.weight = 100; // Assistant policy (lower priority)
2. Modify Assistant Policy Conditions
// Compare with ==; a single = would assign to current.department instead of testing it
if (current.department == gs.getUser().getDepartment() &&
    !gs.hasRole('hr_agent')) { // Exclude HR agents
    // Assistant policy logic
}
The first approach using weights is recommended as it's more maintainable and explicit in handling precedence.
All the best
Do share if it worked for you 🙂
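A condition like the one in approach 2 only restricts access if the department test is a comparison; written with a single `=` it becomes an assignment that also modifies the record. The following is an added example, not code from the post or from ServiceNow: it models `current` and the user as plain JavaScript objects, and every function name and sample record in it is hypothetical and constructed.

```javascript
// Added illustration: plain JavaScript with mock objects, not ServiceNow code.
// makeUser, assistantMatchBuggy, assistantMatchFixed and runDemo are hypothetical names.
function makeUser(department, roles) {
  return {
    getDepartment: () => department,
    hasRole: (role) => roles.includes(role),
  };
}

// Buggy form: `=` binds looser than `&&`, so the record's department is
// overwritten with the result of the whole right-hand expression, and the
// `if` then tests that value instead of comparing departments.
function assistantMatchBuggy(current, user) {
  if (current.department = user.getDepartment() &&
      !user.hasRole('hr_agent')) {
    return true;
  }
  return false;
}

// Corrected form: a comparison, which leaves the record untouched.
function assistantMatchFixed(current, user) {
  return current.department === user.getDepartment() &&
         !user.hasRole('hr_agent');
}

// Constructed sample users and cases.
function runDemo() {
  const assistant = makeUser('Finance', ['hr_assistant']);
  const agentAndAssistant = makeUser('Finance', ['hr_agent', 'hr_assistant']);
  const foreignCase = () => ({ number: 'CASE-CONSTRUCTED-1', department: 'Legal' });
  const ownCase = () => ({ number: 'CASE-CONSTRUCTED-2', department: 'Finance' });

  const buggyRecord = foreignCase();
  return {
    buggyForeign: assistantMatchBuggy(buggyRecord, assistant),   // matches a Legal case
    buggyRecordDepartment: buggyRecord.department,               // field was overwritten
    fixedForeign: assistantMatchFixed(foreignCase(), assistant), // other department: no match
    fixedOwn: assistantMatchFixed(ownCase(), assistant),         // own department: match
    fixedAgentOwn: assistantMatchFixed(ownCase(), agentAndAssistant), // agent excluded
  };
}

console.log(runDemo());
```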
01-07-2025 02:15 AM
Hi Raj
Thank you so much for your answer
Is this "Policy Weight" available in the Washington release?
Or is this something exclusive to Xanadu?
Kind Regards
01-07-2025 07:58 PM
To verify this in your Washington instance, you can check:
- Navigate to System Policy > Policies
- Open a policy record
- Look for the "Weight" field in the policy form
If you don't see the Weight field, ensure you have the required plugins activated:
- Governance, Risk, and Compliance (GRC) Core
- Policy and Compliance Management
05-20-2025 05:09 AM
Hello @MisterSimon,
This seems to be an HRSD COE security policy related question, and we don't have policy weight in releases later than Washington, like Xanadu, either.
If you don't give any group in the COE policies, that means this is not available for any groups.