Role-based access control
Use role-based access control (RBAC) to restrict users' access to certain UI elements, to limit users to certain actions in the UI, or to deny users any access to a class. These restrictions are based on defined roles and privileges that are derived from the user’s access group. Access groups define the actions that groups of users can perform in an application. For example, you can configure a case manager access group so that case managers can approve important cases, an action that is not permitted for other case workers.
The basic components of RBAC are operators, access groups, and access roles. An operator ID represents a user who is permitted to log in to a Pega Platform application.
An access group is a group of permissions within an application. An operator belongs to one or more access groups, depending on what applications and functions the user can access. At any given time, one access group is in effect for a logged-in user.
An access group includes one or more access roles, which define what the group can do. The same role can be used in multiple access groups.
- Learning about operators
An operator defines a unique identifier, password, preferences, and personal information for a user. Create operators so that people and processes can access your application.
- Learning about access groups
An access group is a group of permissions within an application. Pega Platform uses these permissions for operators, external system access, and background processes. You define an access group for operators who have similar responsibilities. For example, most applications allow case managers to perform actions that are different from the actions of regular operators, so case managers and regular operators belong to different access groups.
- Managing access roles
An access role rule defines a name for a role, and represents a set of capabilities. To deliver these capabilities to users, you reference the access role name in other rule types to assign the access role to users and to provide, or restrict, access to certain classes.
- Understanding role permissions and privileges in Access Manager
Privileges complement the security and access control features provided by access roles by restricting access to specific rules rather than to entire classes. A privilege associates an access role with a rule that needs to be secured. Create privileges to more precisely define the access control features that are provided by Access of Role to Object rules. A privilege is identified by its name and Applies to class.
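The relationships described above (operator, active access group, access roles, class access, and privileges) can be modeled as a deny-by-default check. This is an added, simplified example and not Pega Platform code; all class, role, group, and privilege names are constructed, and the shape of `grants` (a role holding privileges per class) is an assumption made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Privilege:
    name: str
    applies_to: str            # identified by name plus Applies to class

@dataclass
class AccessRole:
    name: str
    # class name -> privileges this role holds on that class (assumed shape)
    grants: dict = field(default_factory=dict)

@dataclass
class AccessGroup:
    name: str
    roles: list

@dataclass
class Operator:
    operator_id: str
    access_groups: dict        # every group the operator belongs to
    active: str                # the single group in effect for this session

    def switch_group(self, name):
        # An operator can only activate a group it is a member of.
        if name not in self.access_groups:
            raise PermissionError(f"{self.operator_id} is not in {name}")
        self.active = name

def is_allowed(op, cls, privilege=None):
    """Deny by default; only roles of the active access group count."""
    for role in op.access_groups[op.active].roles:
        if cls not in role.grants:
            continue           # this role gives no access to the class
        if privilege is None or privilege in role.grants[cls]:
            return True
    return False

# Constructed sample data: the case manager scenario from the text.
APPROVE = Privilege("ApproveImportantCase", "MyApp-Work-Case")
worker_role = AccessRole("MyApp:CaseWorker", {"MyApp-Work-Case": set()})
approver_role = AccessRole("MyApp:CaseApprover", {"MyApp-Work-Case": {APPROVE}})
WORKERS = AccessGroup("MyApp:CaseWorkers", [worker_role])
MANAGERS = AccessGroup("MyApp:CaseManagers", [worker_role, approver_role])  # role reused

def make_operator(operator_id, groups):
    # The first group listed is the one in effect at login (assumption).
    return Operator(operator_id, {g.name: g for g in groups}, groups[0].name)
```

An operator who belongs to both groups can open the case class under either one, but the approval privilege is honored only while the case manager group is the active group.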