Tenant development restrictions

In a multitenant configuration, from the shared region you have the same set of functionality in Designer Studio as in Standard Edition. The subset functionality and underlying restrictions ensure that tenant development has no effect on other tenants.

Tenant system restrictions

Applications developed must be guardrail-compliant.

  • Java development is not allowed in a tenant. Java activity step and JSP development in stream HTML rules are not allowed.
  • Custom SQL is prohibited. Any SQL must be reviewed and approved by the multitenant provider prior to deployment. For custom SQL, the multitenant provider should also review plans for SQL queries, because problematic SQL can cause performance issues that affect all tenants.

Designer Studio differences from Standard Edition

  • All tenant users are completely blocked from creating rules in shared rulesets.
  • Tenants cannot view/browse/modify instances of the Data-Admin-Tenant class.
  • Tenant users cannot create a new Database Table to Class Mapping.

Rules restricted in tenant context

Restricted rule types can be saved unless they use restricted features such as Java steps, @Java expressions, and custom HTML that has not been autogenerated.

CAUTION:
You can loosen the restrictions on restricted rule types by using the pxAccessToMTRestrictedRules privilege that is part of the PegaRULES:AppArchitect role that is assigned to the tenant administrator operator by default. Be aware that if you allow access to these rules, tenant developers might be able to access other tenants’ data or destabilize the system for all users.
  • Rule-Access-When
  • Rule-Alias-Function
  • Rule-Corr-Fragment
  • Rule-Declare-CaseMatch
  • Rule-Declare-DecisionTree
  • Rule-Declare-Expressions
  • Rule-HTML-Paragraph
  • Rule-HTML-Property
  • Rule-HTML-Section
  • Rule-Obj-Corr
  • Rule-Obj-Model
  • Rule-Obj-When
  • Rule-Obj-Validate

Rules blocked in tenant context

Blocked rules cannot be saved or accessed.

  • Data-Admin-Connect-AtomServer
  • Data-Admin-Connect-EmailListener
  • Data-Admin-Connect-FileListener
  • Data-Admin-Connect-FTPServer
  • Data-Admin-Connect-JMSListener
  • Data-Admin-Connect-JMSMDBListener
  • Data-Admin-Connect-JNDIServer
  • Data-Admin-Connect-MQListener
  • Data-Admin-Connect-MQServer
  • Data-Admin-Connect-SOAPServer
  • Rule-Agent-Queue
  • Rule-Connect-Cassandra
  • Rule-Connect-CMIS
  • Rule-Connect-dotNet
  • Rule-Connect-EJB
  • Rule-Connect-File
  • Rule-Connect-HBase
  • Rule-Connect-HTTP
  • Rule-Connect-Java
  • Rule-Connect-JCA
  • Rule-Connect-JMS
  • Rule-Connect-MQ
  • Rule-Connect-SAP
  • Rule-Connect-SAPJCo
  • Rule-Connect-SQL
  • Rule-Edit-Input
  • Rule-Edit-Validate
  • Rule-File-Form
  • Rule-File-Text
  • Rule-HTML-FixedList
  • Rule-HTML-Fragment
  • Rule-Obj-HTML
  • Rule-Obj-JSP
  • Rule-RDB-SQL
  • Rule-Report-RuleBase
  • Rule-Service-BPEL
  • Rule-Service-COM
  • Rule-Service-dotNet
  • Rule-Service-EJB
  • Rule-Service-Email
  • Rule-Service-File
  • Rule-Service-HTTP
  • Rule-Service-Java
  • Rule-Service-JMS
  • Rule-Service-JSR94
  • Rule-Service-MQ
  • Rule-Service-Portlet
  • Rule-Service-SAP
  • Rule-Service-SAPJCo
  • Rule-Utility-Function
  • Rule-Utility-Library