Assigning access roles in Pega requires visibility to that application using an operator that has privileges for the system administrator role and access to the Pega Knowledge portal. It is a best practice to modify one of your Pega application's System Administrator operator's access group or create a new operator to include the KMPortal. The operator's application rule should also include the PegaKMPortal:08-03 ruleset that is placed above any Pega- rulesets. This operator then has access to both your application and Pega Knowledge, allowing the visibility and assignment of your application's access roles to the taxonomy categories through the Taxonomy editor.

Assigning security restrictions is hierarchical, meaning that if a higher level taxonomy category has assigned (one-to-many) access roles, then all its related child categories inherit those roles. Any content assigned to these child taxonomy categories requires that the end user have at least one of the assigned access roles to enable visibility.

If an access role is assigned at a lower (child) level in a taxonomy category hierarchy, with no other access roles assigned above the child, then only content at the level where the access role is assigned would require the user to have that access role. Content linked to taxonomy categories above the child with the access role would not have any visibility restrictions, assuming that no access roles are assigned at the higher levels in that category hierarchy.