Setting a privilege
To secure an activity, you need to choose the correct privilege. The task described below is an example step-by-step process to find an existing privilege in your application in order to secure an Activity.
In the example below, we are looking for an activity that gives the user the ability to reopen a case.
If you are looking for privileges found in standard Roles Name rules available in Pega Infinity, see Standard Privileges in Securing an Activity.
Determine the Access Roles that should and should not have the ability to execute the Activity.
- In our example, users with the role PegaRULES:User4 should have the ability to update cases, but not to reopen them.
- Users with the PegaRULES:WorkMgr4 role should have the ability to both update cases and reopen them.
- To view the example Access Role, in the pabel of , click your Role Name in the list. . Then, select
In the Privileges column, there is a list of privileges for that Role Name. Choose the privilege that describes the action you need to take that is available for this role, but not available for other roles which should not be able to execute this activity.If you are building a Component or Application reuse layer, adding new privileges could cause backwards compatibility problems. It is possible to create a Role Name using the "Clone from" feature rather than using role dependencies. If those consuming your Component or Application reuse layer did this, when you add new privileges you must document this in upgrade instructions because those cloned roles will not get the new privilege on upgrade.
- In our example, there is an existing Privilege called WorkReopen found near the bottom of PegaRULES:WorkMgr4 role.
In the same row, in the first column, note the class associated with that privilege.
In our example, this is "Work-".
Open your activity rule form and enter the Class and Privilege name. For example:
When an Activity has multiple privileges listed, the user needs one of the privileges to be granted access.
- Privilege Class: Work-
- Privilege Name: WorkReopen