Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Restricting user actions for case attachments

Updated on March 29, 2022

Improve case security by ensuring that users can interact with content that is appropriate for their role only. When you define conditions or privileges in an attachment category, you control which actions a user can take on a case attachment.

For example, when working with a loan request case type, only a manager can access documents that contain customer's sensitive data.
Before you begin: Define attachment categories that your case type supports. For more information, see Categorizing case attachments.
Note: At run time, restricting actions works for attachments of file and URL types only.
  1. In the navigation pane of Dev Studio, click App.
  2. In the class of the case type that you want to configure, expand the Process section.
  3. Click Attachment Category, and then click the name of the attachment category that you want to configure.
  4. Identify the case attachments types that your attachment category supports:
    1. Click the Availability tab.
    2. Select the check box next to one or more relevant attachment types.
  5. On the Security tab, restrict user actions on the attachment types:
    ChoicesActions
    Restrict user actions accordingly to a privilege
    1. In the Access control list by privilege section, in the Privilege field, enter a privilege that you want to use to grant user actions.
    2. Select a check box in one or more columns, based on the user operations that this privilege grants.
      For example: To allow users to delete attachments that they create, select the Delete own check box.
    3. To add more privileges and specify other actions for each privilege, click Add privilege, and then repeat steps 5.a and 5.b.
      Result: At run time, users with the specified privileges can perform actions that you assign to each privilege.
    Restrict user actions accordingly to a when condition
    1. In the Access control list by When Rule section, in the When field, enter a when condition that you want to use.
      For example: Select a when condition that at run time evaluates if a user belongs to a Managers access group.
    2. Select a check box in one or more columns, based on the user operations that this privilege grants.
      For example: To allow users to add attachments to a case, select the Create check box.
    3. To add more when conditions, click Add when, and then repeat steps 5.a and 5.b.
      Result: At run time, if a when condition evaluates to true, users can perform actions that you associate with the when condition.
    Note: The absence of a privilege or when condition does not automatically restrict a user operation. For example, if you define a condition that allows users to create attachments, ensure that you also define another condition that restricts editing, viewing, and deleting attachments.
  6. Optional: To allow users to choose which teams can access the attachments that the users provide, select the Enable attachment-level security check box.
  7. Click Save.
Result: A user can perform an action only when all the when conditions return a true value, the user belongs to the required team, and the user holds at least one of the required privileges.
What to do next: Grant a privilege to case workers who resolve cases that include create permissions for this attachment category. For more information, see Granting privileges to an access role.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us