Access roles define the classes that a user can view, update, and delete through the Access of Role to Object and Access Deny rule types. Access roles are critical for ensuring valid authentication in an application. The access roles that a user holds defines what they can and cannot due in an application. For example, a manager access role allows managers to reopen closed cases, whereas those with the case manager role cannot reopen cases.
An access role is different from a work party role, which defines the types of parties that can appear in work items.
Use an access role name to grant permissions to users. Requestor type instances and access group instances can reference access roles. Pega Platform provides built-in access roles, with names starting with PegaRULES:, for a variety of users:
- Authenticated work users
An access role is an instance of the Rule-Access-Role-Name rule type.
At user log in, the system assembles a set of roles for the user based on information in the user's requestor instance (Operator ID instance), and the associated access group instance. Access roles associated with a user are important because an access role allows access to features and determines the user's capabilities.
To determine whether the current user has a role, call the standard Boolean function HaveRole():
Access role names form the first key part of Access of Role to Object rules (Rule-Access-Role-Obj rule type), and the Access Deny Obj rules (Rule-Access-Deny-Obj rule type). You convey access roles to users through access groups.
Use the Access Roles tab on the Security landing page to view or modify a list of the access roles in your application.
You can access the Access Roles landing page tab in the header of Dev Studio, by clicking.
Use the Records Explorer to list all the access roles that are available to you.
Access Role Name rules are instances of the Rule-Access-Role-Name class and are part of the Security category.