Access Manager — Authorizing Work & Process items |
To access the Work & Process tab, click Designer Studio > Org & Security > Access Manager > Work & Process.
Your access group should provide Full or Conditional Access to the “AccessManager: change authorizations” tool in order to edit authorization settings in Access Manager, and Full or Conditional Access to the “AccessManager: view authorizations” tool to view settings in Access Manager. See Access Manager — Authorizing Tools.
This landing page includes an Application selector that enables you to limit results to one or more applications, if available, for processing. Click Application and select or deselect applications, and click Apply.
The Access Manager's Work & Process tab gives you a quick look at who can do what in your application. It displays a grid of case types (work classes) followed by user operations (open, modify, perform other users' assignments, etc.) on cases that you can secure with Access Manager. The display also includes flows and flow actions. Access Manager displays authorization settings for the access group of the current operator.
When case type items are expanded, icons indicate full access , no access , or conditional access.
Access Manager can alert you to areas in your business processes that need tighter restrictions. You can view and edit authorizations for users in an access group, or view displays of authorizations for all access groups.
Authorizations are granted based on a user's access group, not the role. The most permissive role in the access group determines the level of authorization for the access group. To the left of each case type item, Access Manager displays an icon indicating the most permissive authorization for each user action on cases of that type.
You can modify access for the following user operations on instances of the expanded case type (work class):
Additionally, Access Manager displays, if defined for the case type:
You can click Export authorizations to generate a report showing an expanded view of all settings for the access group and its roles.
For example, if the case type is Purchase Order, a next to the user action Run Reports indicates all users in the selected access group can run reports on case in the Purchase Order class. This is because one role has full access, which extends to all operators in the access group.
You can click a case type name to view its class definition.
Note: You cannot edit standard Pega 7 Platform roles.
- Full Access to grant operators with this role (as well as all other operators in the selected access group) full access to the item.
- No Access to deny operators with this role access to the item.
- Conditional to grant access to the item based on an Access When condition. The system displays a field below the Conditional button. Select an Access When condition under which an operator in the access group can access the item.
For authorizing access to assignments among members of an organization, Access Manager supplies standard Access-When rules. See Standard Access When rules.
Access Manager displays all flows and flow actions defined for each case type in the selected application(s). You authorize operator access to process flows and flow actions the same way you authorize access to user actions on cases.
Unlike authorization settings for user actions on a case type, settings for process flows and flow actions have no effect on the aggregate authorization value for an access group.
Note: To edit flows and flow actions, their containing RuleSet must be unlocked.
Your access group should provide Full or Conditional Access to the “AccessManager: change authorizations” tool in order to edit authorization settings in Access Manager.
- Full Access to grant operators with this role (as well as all other operators in the selected access group) full access to the item.
- No Access to deny operators with this role access to the item.
- Conditional to grant access to the item based on an Access When condition. The system displays a field below the Conditional button. Select an Access When condition under which an operator in the access group can access the item.
For authorizing access to assignments among members of an organization, Access Manager supplies standard Access-When rules. See Standard Access When rules.
You can click Export authorizations in All Access Groups view to generate a report showing an expanded view of all settings for all access groups defined for the application.
You cannot modify authorizations when viewing all access groups. The display is intended to show you only whether all operators in each access group are fully authorized to perform every user action on cases of a case type (), or all are denied authorization for every user action () -- or whether there is some mix of authorizations among the user actions (). Refer to the example below.
Note: Settings for process flows and flow actions have no effect on the aggregate authorization value for an access group.
You can expand the view to see authorization for each user action:
To continue the example, say you want to investigate authorizations for View History by members of the PurchaseFW:ShippingReceiving access group. To do so, you select it in the Access Group menu then expand the Vendor Maintenance case type to display the setting for View History. The aggregate value of the View History user action is conditional, due to the conditional setting for the Shipping & Receiving role:
Access Manager — Authorizing Tools, About Access When rules, Customizing the Access Manager Privileges tab. |
|
About Flows
About Flow Actions |
Designer Studio — About Landing Pages