Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Adding a role to an access group

Updated on June 30, 2021

You can assign access roles to an access group so that users who belong to the access group have a consistent set of functions available to them.

Before you begin:
  • To add or remove roles from an access group, you must have the pzCanAlterRoles privilege, which is included in the PegaRULES:SecurityAdministrator role.
  • Before adding a role to an access group, complete the following task: Creating an access group.
  1. Create an access group or open an existing instance from the navigation panel by clicking RecordsSecurityAccess Group and selecting an instance.
  2. Click the Definition tab.
  3. Optional: Select Stop access checking once a relevant Access of Role to Object instance explicitly denies or grants access if you want the system to stop searching as soon as an access role is found with a relevant Access of Role to Object rule. Clear this check box to use all roles.
  4. In the Available roles section, enter the access roles that apply to operators and other requestors that use this access group.
    1. In the role field, press the Down Arrow key and select a role.
      Note:
      • If you have not selected Stop access checking once a relevant Access of Role to Object instance explicitly denies or grants access, the order is not relevant; the access roles available to a user act as a collection of capabilities granted, and not as a hierarchy.
      • Enter access roles that are consistent with the values that you enter in the Portals field.
      • For non-developer workers and work managers using an application, a best practice is to create and use custom access roles that define the capabilities of the role by using Access of Role to Object rules. Pega Platform comes with one standard role for users and one for managers, but your application will probably have multiple different roles for users, managers, and others.
      • The PegaRULES:ProArch4 role is supported but deprecated. Do not use this role for new development.
      For example: The following examples show the Pega-supplied roles. In your environment, use the roles that you have created.
      • For workers, use PegaRULES:User4.
      • For work managers, use PegaRULES:WorkMgr4.
      • For business analysts, use PegaRULES:SysArch4.
      • For developers and designers, use PegaRULES:SysAdm4.
    2. To add more access roles, click Add role and select a role.
  5. Click Save.

Related articles

Learning about access groupsGranting portal access to an access groupControlling role evaluation for access groupsManaging access rolesUnderstanding Access of Role to Object rules

Tags

Pega Platform 8.6 Security

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Support Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us