Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Template access groups and roles

Updated on August 3, 2022

Template access groups are provided with the Pega Customer Decision Hub and are used to generate new access groups when the user runs the new application wizard.

Template access groups

Access group nameApplication where it is used
CDHTemplate:OpsDeveloperPega 1:1 Operations Manager
CDHTemplate:NBASpecialistPega 1:1 Operations Manager
CDHTemplate:OpsMgrAdminPega 1:1 Operations Manager
CDHTemplate:TeamLeadPega 1:1 Operations Manager
CDHTemplate:BusinessUserPega 1:1 Operations Manager
CDHTemplate:CDHAdminsPega Customer Decision Hub
CDHTemplate:CDHManagersPega Customer Decision Hub
CDHTemplate:CDHAnalystsPega Customer Decision Hub
CDHTemplate:CDHInstallPega Customer Decision Hub
CDHTemplate or MKTTemplate in the name of the access group will be automatically replaced with the name of your application. For example, if you name your application DevCo during the new application wizard, the access groups will be named DevCo:Admins, DevCo:CDHAnalysts and so on.

Associating access groups with roles

The access groups used by these operators in the application are associated with roles. Each of these roles should be built with the associated PegaNBAM_FW role as a dependent role. This ensures that any new privilege granted in Pega Customer Decision Hub will be granted to the appropriate operators automatically when upgrading your environment.

To verify that you access groups are associated with the correct role:

  1. Open your access group to see its list of available roles.
  2. Open the role.
  3. Click Manage dependent role and verify that you see one of the PegaNBAM_FW roles as a dependent role.
  4. If required, add the PegaNBAM_FW role to get the latest list of privileges.
Note: Some access groups are associated with multiple roles. The order of these roles defines the additional permissions or privileges for the access group. The Stop access checking once a relevant Access of Role to Object instance explicitly denies or grants access option is disabled for these groups, so that the permissions for these roles can accumulate.

To remove permissions, use one of the following rules:

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us