Operators, access groups, and access roles
Pega 8 applications use a combination of operator IDs, applications, access groups, and access roles to control what each user can see and do within the system. When users log in with an operator ID, their access group determines their application portal layout and the rulesets they can access. Group-specific access roles further constrain the product functions available to users within that access group.
Smart Investigate for Payments includes an additional security layer that is based on specific operator-assigned areas of the hierarchy. See Deploying the application for more information.
The following table illustrates some relationships between these factors for a group of sample users:
- Access Group — System administrators can have unrestricted access to the system, but system and process architects have more focused roles and can thus operate with the more restricted access that the SysArch and ProcArch access groups provide. Customer service representatives (CSRs) might be able to add transactions to the system, but only Managers can delete transactions.
- Application Portal — Administrators and architects must have access to system rules and maintenance functions. Managers and CSRs, however, are end users and do not need to see those elements in their portals.
- Access Role — Users within an access group may not need (or may not be allowed to have) the same permissions. Manager A and Manager B, for example, are in the Manager access group and use the ManagerPortal portal, though an access role distinction could prevent them from reassigning each other’s work objects.
User Type | Operator ID | Access Group | Application Portal | Access Role |
System Administrator | sisysadmin@pega.com | SISysAdminSample | Developer | SysAdmin |
System Administrator | SIPaymentsDev@pega.com | SISysAdmin | Developer | SysAdmin |
Manager | [email protected] | SIManager | SIManager | SIManager |
Supervisor | [email protected] | SISupervisor | SISupervisor | SIManager |
Manager | [email protected] | SIManager | SIManager | SIManager |
Supervisor | [email protected] | SISupervisor | SISupervisor | SIManager |
Supervisor | [email protected] | SISupervisor | SISupervisor | SIManager |
Investigator | [email protected] | SIUser | SIUser | SIInvestigator |
Investigator | [email protected] | SIUser | SIUser | SIInvestigator |
Investigator | [email protected] | SIUser | SIUser | SIInvestigator |
Investigator | [email protected] | SIUser | SIUser | SIInvestigator |
Investigator | [email protected] | SIUser | SIUser | SIInvestigator |
Investigator | [email protected] | SIUser | SIUser | SIInvestigator |
The sample operator records listed above, which range from entry-level users to a system administrator and architect, now ship as part of the Pega Smart Investigate for Payments Sample layer, which is the demo layer. These operator records are not available in the base Pega Smart Investigate for Payments application. These records demonstrate how access groups define the user’s portal layout and access to rulesets, and provide models for developing your own user profiles. See Appendix A, Application-Specific Information, for more information about operators and their access groups.
In addition, standard access roles are available, including the following:
- PegaRULES:SysAdm4 for users with system administrator responsibilities
- PegaRULES:WorkMgr4 for users such as managers or supervisors
- PegaRULES:User4 for users who might have clerical responsibilities