Defining a run-time configuration for an access group
You can define settings for an access group that are related to run-time rulesets and accessibility for users and other requestors who belong to an access group.
- Create an access group as described in Creating an access group.
- Open an existing instance from the navigation panel by clicking and selecting an instance.
To define a run-time configuration for an access group, click the Advanced tab and navigate to the Run time configuration section. Choose any of the following options.
To provide users with more accessible versions of several standard harness, section, and flow actions , select Enable accessibility add-on.
To provide maximum accessibility support, include the PegaWAI ruleset in the Production Rulesets list for such users. For more information, see Understanding accessibility
For users who belong to the access group and who have design-time permission in a production setting, provide the names of one or more Production Rulesets that contain the updated rules.
For example, in a production setting, you can identify one ruleset and version that remains unlocked and holds only rules that are expected to change often. Such rules can be delegated to management. A ruleset with this purpose is sometimes called a local-only or production ruleset.Leave this blank except for developers and other users who modify rules. While your profile includes the ruleset versions listed here, they are not considered part of the current application. Rules in the ruleset versions listed here might not be visible in the Application Explorer, Guardrails tool, or Document wizard facilities.
As a best practice for good security, and to avoid a warning when you save the Access Group form, select from the ruleset versions that appear in the Production Rulesets (customization) array on the Definition tab of the Application rule.
The system uses this information at log-on time to assemble the ruleset list for this user. The order of your entries in this array affects rule resolution. At login, the system appends these entries to the top of your ruleset list, but starting at the bottom of this array. The order of rows in this array becomes the order in which they appear in the ruleset list.
Except for access groups that have the PegaRULES:WorkUser4 role, include at least one ruleset version that is not locked. If all ruleset versions that a user can access are locked, the user cannot create new rules. Typically, managers have access to a local customized ruleset for storing only those rules that are personal, customized versions of reports.List distinct rulesets here. A user or other requestor can access rules in only one major version of a ruleset. For example, access to version 04-10-15 includes access to 04-10-14 and 04-04-11, but not to 03-01-01 or 02-15-07.
If, during sign-on, the access group is accessed when the (partial) ruleset list contains Alpha:01, Beta:02, and Gamma:03 (in that order), and this array contains Red:07, Blue:08, and Green:09 (in that order), the result is Red:07, Blue:08, Green:09, Alpha:01, Beta:02, Gamma:03.
You can include a full version number or an initial portion of a version number. Separate the ruleset name from the version (or partial version) with a colon, as in these examples:
- MORTGAGE:02-07 – Initial portion (major and minor version)
- MORTGAGE:02-07-20 – Full version number
- Learning about access groups
An access group is a group of permissions within an application. Pega Platform uses these permissions for operators, external system access, and background processes. You define an access group for operators who have similar responsibilities. For example, most applications allow case managers to do actions that are different from the actions of regular operators, so case managers and regular operators belong to different access groups.
- Creating an access group
An access group is a group of application permissions that are used by an operator, external system, or background process. Create an access group to define the actions that are allowed when such an entity uses an application.