You are here: Reference > Standard data instances > Access groups

Initial Access Groups
(Data-Admin-OperatorAccessGroup)

When first installed, your system contains only certain access groups, each linked to the standard application rule PegaRULES.06.01.zz.

Caution: To protect the integrity of your Pega 7 Platformsystem and to avoid upgrade issues, you cannot update these access groups. As a best practice, use the New Application wizard to create access groups and Operator IDs for your organization.

To list all of the access groups on your system, select Designer Studio > Org & Security > Security > Access Groups.

Name

Purpose

PRPC:Administrators

An access group that serves as a template for access groups for developers, system administrators, and other users of the Designer Studio.

Caution: Except upon initial use of a newly installed Pega 7 Platform system, do not log in with Operator IDs that directly reference this access group, which has special restrictions preventing certain updates. Instead, create organization-specific operators and access groups using the Organization Setup gadget. See More about Access Groups.

PRPC:Agents

For all Batch requestors. Supports all agents, listeners, and services, including the Pega-ProCom agent, which enforces service-level agreements.

Note: For service requests, this access group applies only temporarily, until the system finds the service package, typically using a key part provided by the listener or the arriving request. At that point, the access group in the Service Package data instance (Data-Admin-ServicePackage class) applies, whether or not the service request is to be authenticated. That access group can provide the service with access to other RuleSets, privileges, and access roles.

If you edit Data-Admin-Requestor.BATCH such that it no longer has access to the PRPC:Agents access group and then upgrade the Pega 7 Platform, the system may fail to start after the upgrade.

PRPC:PortalUsers

For JSR-168-compliant portlet access. See About Service Portlet rules.

PRPC:Unauthenticated

For guest users.

PRPC:WorkManagers

For managers. This is a sample; create access groups for managers that provide access to the portal, RuleSets, and privileges appropriate to their needs.

PRPC:WorkUsers

For users who are not managers. This is a sample; create access groups for managers that provide access to the portal, RuleSets, and privileges appropriate to their needs.

Deprecated access groups

These are retained to support applications created in Version 4.2 and Version 5.X systems. They are deprecated and not recommended for continued use.

Name

Purpose

PegaRULES:Administrators Deprecated. Use the Administrators access group shipped with the product.
PegaRULES:WorkManagers Deprecated. Use the WorkManagers access group shipped with the product.
PegaRULES:Agents Deprecated. Use the Agents access group shipped with the product.
PegaRULES:PortalUsers Deprecated. Use the PortalUsers access group shipped with the product.
PegaRULES:Unauthenticated Deprecated. Use the Unauthenticated access group shipped with the product.
PegaRULES:WorkUsers Deprecated. Use the Administrators access group shipped with the product.
PegaRULES:ProcessArchitects Deprecated. Use the Administrators access group shipped with the product.
PegaRULES:SystemArchitects Deprecated. Use the Administrators access group shipped with the product.

Related Topics Link IconRelated information