Understanding the PolicyCenter permission types

PolicyCenter contains the following types of permissions:
  • System permission, which apply to specific user interface elements or data model entities.
  • Application permission, which represent a set of one or more system permissions.

You can view a list of both system and application permission keys in the Guidewire Security Dictionary.

System permission keys

Guidewire groups system permissions into the following categories:

  • Screen-level permissions that apply to user interface elements
  • Domain-level permissions that apply to data model entities

You can view a list of system permissions in the SystemPermissionType typelist. You can also extend this typelist and add custom permissions.

Screen-level permissions

Screen-level permissions apply to user interface elements, for example, the permission to view the administrative Server Tools screens. PolicyCenter defines many user interface permissions internally.

In general, screen-level permissions start with the word “view” followed by a reference to the user interface object they protect. You can add custom screen-level permissions to Guidewire PolicyCenter by extending the SystemPermissionType typelist.

PCF files define the point at which PolicyCenter calls user interface permissions. It is possible to change this point by customizing the PCF file that calls it.

Domain-level permissions

Domain permissions apply to data model entities, such as permission to view Note objects. For example, as a user attempts to access the summary for a sensitive note, PolicyCenter verifies that the user has the following permissions:

  • Permission to view the Policy screen
  • Permission to access that particular note type

Most top-level objects in the PolicyCenter data model have associated domain-level permissions. PolicyCenter defines all of an object’s domain-level permissions internally. It is not possible to add, remove, or edit domain permissions. Similarly, PolicyCenter defines the points at which it checks these permissions in internal code and in page configuration format (PCF) files. You cannot change the internal checks. You can, however, change the point at which the PCF files calls these checks.

Application permission keys

Application permission keys represents a set of one or more system permissions. PolicyCenter defines application permission keys internally as a method for improving system performance. For example, the Activity own permission key represents the system permission for owning an activity. The Activity edit permission key represents the system permission for the editing activities.

Guidewire defines all configurable application permissions in file security-config.xml. It is possible for you to modifying this file and add new application permissions.

Guidewire defines many other access application permissions internally. It is not possible to change these permissions.