COE security Policy | How to deal with overlapping Policies

MisterSimon
Tera Expert

I've just implemented COE security Policies into my Instances and I've had no issues so far. 

But now we've received a new requirement. 

There should be 2 Policies, both applied on sn_hr_core_case.

One is a general HR Agent Policy, which allows HR agents to read/write on all cases.

And a 2nd one which allows Assistants to only read specific HR cases related to their department.

 

Now I've got the issue that some HR Agents are also Assistants and now when they try to interact with the HR cases they can no longer see all cases. They can only see the related cases.

 

Because of other processes, I cannot simply remove the Assistant Group from the User.

 

Is there any way to set a priority with overlapping COE, or any way to disable the 2nd COE for a specific Group, like excluding a group, so the User still has access to all cases? 

 

Thank you in Advance


Raj_Nishant92
Tera Contributor

Hi @MisterSimon 

 

Yes, there are two main approaches to handle this overlapping COE policy scenario:

1. Use Policy Weights

  • Add a weight parameter to your policies
  • Higher weight policies take precedence
  • Example:

policy.weight = 1000; // HR Agent policy (higher priority)
policy.weight = 100; // Assistant policy (lower priority)

 

2. Modify Assistant Policy Conditions

// Compare with == (a single = would assign instead of test)
if (current.department == gs.getUser().getDepartment() &&
    !gs.hasRole('hr_agent')) { // Exclude HR agents
    // Assistant policy logic
}

 

The first approach using weights is recommended as it's more maintainable and explicit in handling precedence.

 

All the best 

 

Do share if it worked for you 🙂

Hi Raj

Thank you so much for your answer
Is this "Policy Weight" available in the Washington release?
Or is this something exclusive to Xanadu?

Kind Regards

To verify this in your Washington instance, you can check:

  1. Navigate to System Policy > Policies
  2. Open a policy record
  3. Look for the "Weight" field in the policy form

If you don't see the Weight field, ensure you have the required plugins activated:

  • Governance, Risk, and Compliance (GRC) Core
  • Policy and Compliance Management

Hello @MisterSimon

This seems to be an HRSD COE security policy related question, and we don't have policy weight in releases later than Washington, like Xanadu, as well.

If you don't give any group in the COE policies, that means this is not available for any groups.