MAC Policy Issue in ARAS 31 – Need Help with Access Restrictions
Hi all, I’m working on implementing access restrictions for the a Itemtype in ARAS 31. There are around 46 records, and I want to group them into 5 categories. Each category will be assigned to specific identities, allowing controlled access based on the record's classification. To achieve this, I started configuring MAC policies. However, I’ve run into a few issues: The fields I need are disabled in the MAC Policy Condition Editor. User-defined properties are not accessible in the condition editor either. Has anyone faced similar challenges or found a workaround for this? Any help or guidance would be greatly appreciated! Thanks, Salini
Do I have to give external users "get" permission for an ItemType when using a MAC policy to restrict access?
Hi community, let´s assume we have a lot of regular Parts in Innovator. An external user now shall have access to a limited amount of these Parts. An additional property specifies which parts he is allowed to see. This scenario is a perfect job for a MAC policy. MAC policies allow to restrict the user access based on the property. But I noticed that the external user still needs to be added to the regular permission that is used for Parts (e.g. Permission "Released Part"). Is this really necessary? The MAC rule it self works fine. But only if the external user is part of the "Released Part" permission. Otherwise he will see nothing. But I would prefer to avoid adding the user to this general permission. Reason: When the external user is part of the regular permission, he could see all items by default. Only after the MAC rule is activated, the item access is restricted. But what if we upgrade and forget to reactive the MAC rule? Will the external user see everything until we notice our mistake? I would prefer things the other way round. The external user must not see any Part UNTIL the MAC policy activated. Is this behavior possible? Thanks in advance! AngelaHow can I filter for created_on date in a MAC Policy rule?
Hi community, MAC policies allow us to specify item access for certain groups based on properties. Does anyone know how to filter for the "created_on" property? I only want to show items that are newer than a certain date. Right now I have the following rule: CurrentUser.IsMemberOf('Administrators') AND (CurrentItem.ai_test_result = 1) AND (CurrentItem.created_on > '2025-05-05T00:00:00') "ai_test_result" is a custom property that I added to the PolicyAccessItem. This filter works. But the created_on filter is ignored. What could be wrong? Thanks! Angela