Using setting rules
Use a setting rule to define a name and data type for a setting that your application can use for finely tuned access control. You can define access for different access roles based on the value of a setting. You associate the setting name and value on the Access of Role to Object rules for various class/role combinations.
Settings and values become associated with individual users indirectly. Each user has an associated access group, referenced in the Operator ID data instance. The access group identifies one or more access roles. Access of Role to Object rules with these roles as a first key part define many aspects of user access control. These Access of Role to Object rules might reference settings rules and define values for each setting.
Setting rules have no relation to application settings rules (Rule-Admin-System-Settings rule type) or dynamic system settings (Data-Admin-System-Settings class).
Use the Application Explorer to list setting rules in your application. Use the Records Explorer to list all the setting rules that are available to you.
For example, an application includes two access roles named Underwriter and SeniorUnderwriter. You create a setting rule named PolicyLimit so that the application can assign work to operators of each role based on the amount of a policy.
In the appropriate Access of Role to Object rules, you associate a different policy limit amount with each access role. In processing, policies with a value of $50,000 or less can be routed to an Underwriter and policies worth more than $50,000 can be routed to a Senior Underwriter.
Functions that evaluate settingsActivities in your application can use three standard functions in the Pega-RULES:Settings library to evaluate settings at run time:
- getSetting(AppliesTo, SettingName)
- Return the setting value.
- getSettingType(AppliesTo, SettingName)
- Return a Java type for the setting, such as
- getNumericSetting(AppliesTo, SettingName)
- Return the value as a Decimal property value.
- Defining access settings for an Access of Role to Object rule
To more precisely define access to instances of a class, you associate one or more access settings with an access role by using the Settings tab of the Access of Role to Object rule form. Specifying access settings is optional.
- Understanding Access of Role to Object rules
Access of Role to Object rules specify permissions that are granted to a role and access class. These permissions restrict what developers and operators can do with rule and data instances. An Access of Rule to Object rule applies to all instances of its access class.
- Learning about access groups
An access group is a group of permissions within an application. Pega Platform uses these permissions for operators, external system access, and background processes. You define an access group for operators who have similar responsibilities. For example, most applications allow case managers to do actions that are different from the actions of regular operators, so case managers and regular operators belong to different access groups.