Specify system-wide security parameters for this Pega Platform system.
Note: Changes you make to this tab become effective the next time that the system is started.
Field |
Description |
Production level |
Enter a production level value that characterizes the need for access security on this system. A high production level number implements a restrictive security scheme for production use with few people empowered to change rules. A low level (of 1 or 2) enables developers to experiment by creating and updating rules on development systems. The System instance (the single instance of the Data-Admin-System class) contains the production level of your system. The current level is recorded as the value of the pzProductionLevel property on the Process page. This production level and access roles together determine class access — which users can create, update, delete, and otherwise operate on objects of specific classes through Access of Role to Object rules (Rule-Access-Role-Obj rule type). To change the production level of a system, open and update the Production level field and save the System form. The change takes effect (for a node) the next time that a node is started. Note: The DB Trace tool is not available in a production system (Production Level =5). |
License parameters name |
Optional. If you have completed a Data-Admin-License instance for your system, select it here. Otherwise, leave blank. See Working with the License Compliance facility. |
Lock timeout |
Enter the maximum time in minutes that an instance — for example, a work item — remains locked when opened. The default value is 30 minutes. After this period, the system can mark this lock as soft, meaning that the lock is available to other users who request it. Soft locks help to prevent bottlenecks. (The other user is sometimes said to steal the lock.) However, even after a lock is marked as soft, the lock holder retains the lock and can save and commit the updated instance. For example, if user Harry opens and updates work item W-1000 but then does not save the updated work item for more than 30 minutes, another user — Martha — can open the (unchanged) work item, stealing the lock from Harry. Harry's changes are lost. However, if neither Martha nor any other user open W-1000 during this 30 minutes and Harry has not signed off, then Harry can still save W-1000 with his changes. When browser-based users exit Pega Platform by closing the browser window rather than by logging off properly, locks held by the requestor remain until the session is later deleted. These locks block access by other requestors. Reducing this Lock Timeout value can reduce such bottlenecks. See PDN article Adjust time-out settings to reduce locking issues when users do not log off. Do not confuse the lock timeout interval — a single system-wide value — with the authentication timeout value in an access group, which may vary from user to user. No relationship is required between these two intervals. |
Enable persistent context? |
Leave clear. This field is reserved for future use. |
Number of concurrent sessions allowed for each operator |
Enter the maximum number of sessions for each operator in the cluster by specifying a value that is equal to or greater than 1. Pega Platform blocks operators from creating new sessions after reaching the maximum number of concurrent sessions, which improves cluster security by reducing the likelihood of an untrusted person gaining access to a system in the cluster. The default value is -1, which allows unlimited sessions per operator. Important! If you change this setting, you must restart your Pega Platform system. This setting works for all operators in a cluster that have been set up with a single system name, except those operators that are on a whitelist. You can set up a list of operators to which this setting does not apply using the presence/maxsessions/operators/whitelist Dynamic System Setting. For more information, see Adding a Dynamic System Setting. Only active sessions are counted. Sessions that are passivated, timed out, or disconnected (because the operator browser session closed or crashed, or because the operator was disconnected from the network), are not counted as active sessions. Pega Platform blocks inactive sessions from becoming active. |