Access Manager provides a single view of your security model. You can use it as a single point of control for user access to business elements in your applications: assignments, case types, flows and flow actions, and tools. When you select one or more applications and one or all access groups, Access Manager displays the level of access that is granted to users. Icons indicate the security level: no access, full access, or conditional access. You can configure role-based authorizations for items in the display.
To navigate to Access Manager from Designer Studio, click Designer Studio > Org & Security > Access Manager.
On the Work & Process tab, Access Manager displays case types (work classes) followed by the operations that users can perform on cases in the class. User operations include open, run reports, perform other operators' assignments, and others. Administrators or interested parties with the appropriate permissions can view or edit security settings. For more information, see Editing authorizations for case type items in a single access group and Editing authorizations for case type flows and flow actions in a single access group.
You can use Access Manager to tighten authorization for access to sensitive data or to configure the conditions under which a user can perform a particular assignment in a worklist or action in a workflow. Access Manager includes some standard Access When conditions that you can use for typical conditional scenarios, such as providing access that is based on organizational relationships. The following figure shows the Work & Process tab.
Work & Process tab
A comprehensive report provides an overview of security settings for one or all access groups working with your application's cases. Click Export authorizations to create the report. For more information, see Generating Work & Process application authorization settings documentation.
On the Tools tab, Access Manager displays the security defined for tools. You can secure tools that are accessed in various places in Pega® Platform, for example, Designer Studio menus or toolbars. Access Manager lets you secure the tools that are used by users and managers to perform tasks such as starting a flow, and tools used by administrators and application developers. These include tools for tasks such as exporting or importing rulesets or modifying clipboard data. For more information, see Editing tools authorization for a single access group. The following figure shows the Tools tab.
Tools tab
Aggregate authorization values
In Pega Platform, authorizations are granted based on a user's access group, not the user's role. The most permissive role in the access group determines the level of authorization for the access group. To the left of an item to be secured, Access Manager displays an icon that indicates the most permissive level of authorization granted by the access group. Use this aggregated, or "rolled up" security level to identify levels of security that should be addressed at the role level. You can easily modify authorization levels for access roles in Access Manager. The following figure shows details on the Work & Process tab.
Details of the Work & Process tab
Using Access Manager
You can secure case types, flows, flow actions, assignments, and tools. To navigate to Access Manager, click Designer Studio > Org & Security > Access Manager. The landing page displays the Work & Process tab.
Work & Process tab
Access Manager lets you control user access to case types and their associated user actions (for example, open or delete), plus assignments, flows, and flow actions. For each role, click the access icon to allow or deny a user to perform an action on a case type, perform an assignment, run a flow or flow action, or set conditions.
Remember that the aggregate authorization level of the access group determines the access level for all users in the access group.
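The roll-up rule described above can be modeled outside the product to find items where one role's stricter setting is masked by a more permissive role in the same access group. This is an added example, not Pega code: the role names, case type, data layout, and the ordering of Conditional below Full are assumptions made for illustration.

```python
from enum import IntEnum

class Access(IntEnum):
    # Assumed ordering, least to most permissive.
    NONE = 0
    CONDITIONAL = 1
    FULL = 2

# Constructed sample: per-role authorization for (case type, operation) items.
# Role names and this layout are hypothetical, not a Pega export format.
ROLE_AUTH = {
    "Claims:User": {
        ("Claim", "open"): Access.CONDITIONAL,
        ("Claim", "delete"): Access.NONE,
    },
    "Claims:Manager": {
        ("Claim", "open"): Access.FULL,
        ("Claim", "delete"): Access.CONDITIONAL,
        ("Claim", "perform"): Access.CONDITIONAL,
    },
    "Claims:Auditor": {("Claim", "open"): Access.FULL},
}

def rollup(roles, role_auth=ROLE_AUTH):
    """Aggregate level per item: the most permissive level among the group's roles."""
    items = {item for r in roles for item in role_auth.get(r, {})}
    result = {}
    for item in sorted(items):
        # Assumption: a role with no entry for an item grants no access to it.
        per_role = {r: role_auth.get(r, {}).get(item, Access.NONE) for r in roles}
        level = max(per_role.values())
        granting = sorted(r for r, lv in per_role.items() if lv == level)
        result[item] = (level, granting)
    return result

def overridden(roles, role_auth=ROLE_AUTH):
    """Items where a stricter role setting is masked by a more permissive role."""
    findings = []
    for item, (level, granting) in rollup(roles, role_auth).items():
        masked = sorted(r for r in roles
                        if role_auth.get(r, {}).get(item, Access.NONE) < level)
        if masked:
            findings.append((item, level.name, granting, masked))
    return findings

if __name__ == "__main__":
    group = ["Claims:User", "Claims:Manager"]
    for item, level, granting, masked in overridden(group):
        print(f"{item}: group gets {level} via {granting}; stricter in {masked}")
```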
To begin, expand a case type. You can edit the authorization level of an item only at the role level.
To edit the security of an item:
Click the Access level icon.
In the pop-up window, click Full Access, No Access, or Conditional.
If you click Conditional, select an Access When condition that must be met for the role to access the item for processing, for example, open or modify a case type, run a report, perform an assignment, or process a flow or flow action. The following figure shows the access level pop-up window.
Access level pop-up window
Access Manager lists all the tools in your application that are available to be secured. You authorize user access to tools the same way you authorize access to case type items. For more information, see Editing tools authorization for a single access group.
Access Manager enables you to specify an Access When condition for assignments. Use the Perform setting for a specific case type to specify authorization for a user to perform other users' assignments. Pega Platform provides Access When rules for typical authorization scenarios, for example, "assigned to my direct staff." For more information, see Editing authorizations for case type flows and flow actions in a single access group.
Links in Access Manager
You can click the text of items in Access Manager to view related rule forms. Although you can edit the rule forms, make any security-related changes in Access Manager itself (and not, for example, in the Access of Role to Object form).
Access Group (when Access Manager is in All Access Groups mode) – Opens the Access Group form.
Access Role – Opens a form listing instances of Access of Role to Object rules defined for the role. You can double-click an item to open the Access of Role to Object rule form.
Case Type – Opens the case type's Class rule form.