Using advanced settings for access roles
An access role is different from a work party role that defines which types of parties can appear in work items.
To test whether the current user holds a role, call the standard Boolean function:
- Understanding Access of Role to Object rules
Access of Role to Object rules specify permissions that are granted to a role and access class. These permissions restrict what developers and operators can do with rule and data instances. An Access of Rule to Object rule applies to all instances of its access class.
- Understanding Access Deny rules
Access Manager simplifies the process of granting authorization and as a best practice should be used instead of working directly with Access Deny rule forms. In the Pega Platform, select Dev Studio > Org & Security > Access Manager.
- Understanding Access When rules
An Access When rule defines a test that the system performs to allow, or disallow, a user from performing an operation or accessing information (instances of a specific class) based on security requirements.
- Using setting rules
Use a setting rule to define a name and data type for a setting that your application can use for finely tuned access control. You can define access for different access roles based on the value of a setting. You associate the setting name and value on the Access of Role to Object rules for various class/role combinations.
- Managing access roles
An access role rule defines a name for a role, and represents a set of capabilities. To deliver these capabilities to users, you reference the access role name in other rule types to assign the access role to users and to provide, or restrict, access to certain classes.