You are here: Security > Authorization with Access Manager > Authorizing Work & Process items

Access Manager — Authorizing Work & Process items

To access the Work & Process tab, click Designer Studio > Org & Security > Access Manager > Work & Process.

Your access group should provide Full or Conditional Access to the “AccessManager: change authorizations” tool in order to edit authorization settings in Access Manager, and Full or Conditional Access to the “AccessManager: view authorizations” tool to view settings in Access Manager. See Access Manager — Authorizing Tools.

This landing page includes an Application selector that enables you to limit results to one or more applications, if available, for processing. Click Application and select or deselect applications, and click Apply.

About the Work & Process tab

The Access Manager's Work & Process tab gives you a quick look at who can do what in your application. It displays a grid of case types (work classes) followed by user operations (open, modify, perform other users' assignments, etc.) on cases that you can secure with Access Manager. The display also includes flows and flow actions. Access Manager displays authorization settings for the access group of the current operator.

When case type items are expanded, icons indicate full access , no access , or conditional access.

Access Manager can alert you to areas in your business processes that need tighter restrictions. You can view and edit authorizations for users in an access group, or view displays of authorizations for all access groups.

Authorizations are granted based on a user's access group, not the role. The most permissive role in the access group determines the level of authorization for the access group. To the left of each case type item, Access Manager displays an icon indicating the most permissive authorization for each user action on cases of that type.

User operations on cases

You can modify access for the following user operations on instances of the expanded case type (work class):

Additionally, Access Manager displays, if defined for the case type:

Single Access Group display

To view authorizations for case type items - single access group

You can click Export authorizations to generate a report showing an expanded view of all settings for the access group and its roles.

  1. If you want to view settings for an access group other than your own, select it in the Access Group field.
  2. In the Case Types column, click the arrow to the left of a case type to expand the display. (Expand Process Flows or Flow Actions the same way.) Access Manager displays one of the following icons to the left of the item, indicating:

For example, if the case type is Purchase Order, a next to the user action Run Reports indicates all users in the selected access group can run reports on case in the Purchase Order class. This is because one role has full access, which extends to all operators in the access group.

You can click a case type name to view its class definition.

To edit authorizations for case type items - single access group

Note: You cannot edit standard Pega 7 Platform roles.

  1. If you want to view settings for an access group other than your own, select it in the Access Group field.
  2. In the Case Types column, click the arrow to the left of a case type to expand the display.
  3. In the column for the access role to be authorized, click the icon and select one of the following for the desired case type user action, flow, or flow action:

 

About Authorizing Process Flows and Flow Actions

Access Manager displays all flows and flow actions defined for each case type in the selected application(s). You authorize operator access to process flows and flow actions the same way you authorize access to user actions on cases.

Unlike authorization settings for user actions on a case type, settings for process flows and flow actions have no effect on the aggregate authorization value for an access group.

Note: To edit flows and flow actions, their containing RuleSet must be unlocked.

To view authorizations for case type flows and flow actions- single access group

  1. If you want to view settings for an access group other than your own, select it in the Access Group field.
  2. In the Case Types column, click the arrow to the left of a case type to expand the display. Click the arrow next to Process Flows or Flow Actions to expand the list. Access Manager displays one of the following icons to the left of the item, indicating:

To edit authorizations for process flows or flow actions - single access group

Your access group should provide Full or Conditional Access to the “AccessManager: change authorizations” tool in order to edit authorization settings in Access Manager.

  1. If you want to view settings for an access group other than your own, select it in the Access Group field.
  2. In the Case Types column, click the arrow to the left of a case type to expand the display.
  3. In the column for the access role to be authorized, click the icon and select one of the following for the desired case type user action, flow, or flow action:

All Access Groups view

To view authorizations for case type items - all access groups

You can click Export authorizations in All Access Groups view to generate a report showing an expanded view of all settings for all access groups defined for the application.

You cannot modify authorizations when viewing all access groups. The display is intended to show you only whether all operators in each access group are fully authorized to perform every user action on cases of a case type (), or all are denied authorization for every user action () -- or whether there is some mix of authorizations among the user actions (). Refer to the example below.

Note: Settings for process flows and flow actions have no effect on the aggregate authorization value for an access group.

  1. In the Access Group field, select All Access Groups.

    Here is an example showing the unexpanded display:

    In the example above, the display indicates the following access to user actions on cases of case type Vendor Maintenance:

You can expand the view to see authorization for each user action:

To continue the example, say you want to investigate authorizations for View History by members of the PurchaseFW:ShippingReceiving access group. To do so, you select it in the Access Group menu then expand the Vendor Maintenance case type to display the setting for View History. The aggregate value of the View History user action is conditional, due to the conditional setting for the Shipping & Receiving role:

Definitions

Access Manager — Authorizing Tools, About Access When rules, Customizing the Access Manager Privileges tab.

Related topics About Flows
About Flow Actions

Tools — Application

Designer Studio — About Landing Pages