Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Understanding Discovery features for access control policies

Updated on March 15, 2022

Access control policies support discovery features that allow users to view limited, customizable information about class instances that fail read policies but satisfy discover policies. Users cannot open or interact with the discoverable instances, but they can see that the instances exist and they can evaluate whether they might need access to certain instances.

To make discovery features available to users, the pyIsDiscoveryEnabledForOperator Access When rule must evaluate to true. These features apply to instances of Work- and Data- classes when data is retrieved from the Pega database, but apply only to instances of Work- classes when data is retrieved from the search index.

The following Discovery gadgets, which are section rules, support discovery features:

  • pxDiscoverableItems – This section displays discoverable instances for report definitions. By default, this section is included in the Report Viewer when it displays results for list reports. This section can be displayed in the results for summarized reports if you set the dynamic system setting DiscoverableItemsIncludedForSummaryReport to true.
    Note: In the Report Viewer, this Discovery gadget shows only records that have the condition NotReadAndDiscover.
  • pxDiscoverableSearchItems – This section displays discoverable class instances for search. By default, this section is included when search results are displayed.

The Discover gadget is shown in the Report Viewer or in search when all of the following are true:

  • Read policies are in force for at least one of the classes involved (either defined on the class or inherited by it), and there are policy conditions for those policies (the policy conditions do not have empty filter logic strings).
  • Discovery policies are in force for at least one of the classes that also have Read policies, and there are policy conditions for those policies.
  • The number of instances that fail the Read policies but satisfy the Discovery policies is greater than zero.

Each of the Discovery gadgets displays a link with the number of class instances for the report or search that fail read policies but meet discover policies for the user. Users can view a list of the discoverable instances by clicking the link. The information that is shown for these instances is determined by the pyDefaultDiscoverableReport report definition rule for a class.

Developers can customize these sections to change their labels and behavior. You can also include these sections in other parts of an application’s user interface. For example, you can include the pxDiscoverableItems section above a list control that is populated by a report definition.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us