Defining a run-time configuration for an access group
You can define settings for an access group that are related to run-time rulesets and accessibility for users and other requestors who belong to an access group.
- Create an access group as described in Creating an access group.
- Open an existing instance from the navigation panel by clicking and selecting an instance.
To define a run-time configuration for an access group, click the Advanced tab and navigate to the Run time configuration section. Choose any of the following options.
To provide users with more accessible versions of several standard harness, section,
and flow actions , select
Enable accessibility add-on.
To provide maximum accessibility support, include the PegaWAI ruleset in the Production Rulesets list for such users. For more information, see Understanding accessibility.
For users who belong to the access group and who have design-time permission in a
production setting, provide the names of one or more
that contain the updated rules.
For example, in a production setting, you can identify one ruleset and version that remains unlocked and holds only rules that are expected to change often. Such rules can be delegated to management. A ruleset with this purpose is sometimes called a local-only or production ruleset.
Caution: Leave this blank except for developers and other users who modify rules. While your profile includes the ruleset versions listed here, they are not considered part of the current application. Rules in the ruleset versions listed here might not be visible in the Application Explorer, Guardrails tool, or Document wizard facilities.
As a best practice for good security, and to avoid a warning when you save the Access Group form, select from the ruleset versions that appear in the Production Rulesets (customization) array on the Definition tab of the Application rule.
The system uses this information at log-on time to assemble the ruleset list for this user. The order of your entries in this array affects rule resolution. At login, the system appends these entries to the top of your ruleset list, but starting at the bottom of this array. The order of rows in this array becomes the order in which they appear in the ruleset list.
Except for access groups that have the PegaRULES:WorkUser4 role, include at least one ruleset version that is not locked. If all ruleset versions that a user can access are locked, the user cannot create new rules. Typically, managers have access to a local customized ruleset for storing only those rules that are personal, customized versions of reports.
Note: List distinct rulesets here. A user or other requestor can access rules in only one major version of a ruleset. For example, access to version 04-10-15 includes access to 04-10-14 and 04-04-11, but not to 03-01-01 or 02-15-07. For example:
If, during sign-on, the access group is accessed when the (partial) ruleset list contains Alpha:01, Beta:02, and Gamma:03 (in that order), and this array contains Red:07, Blue:08, and Green:09 (in that order), the result is Red:07, Blue:08, Green:09, Alpha:01, Beta:02, Gamma:03.
You can include a full version number or an initial portion of a version number. Separate the ruleset name from the version (or partial version) with a colon, as in these examples:
- MORTGAGE:02-07 – Initial portion (major and minor version)
- MORTGAGE:02-07-20 – Full version number
Previous topic Configuring security settings for an access group Next topic Defining a design-time configuration for an access group