Adding a role to an access group
You can assign access roles to an access group so that users who belong to the access group have a consistent set of functions available to them.
- To add or remove roles from an access group, you must have the pzCanAlterRoles privilege, which is included in the PegaRULES:SecurityAdministrator role.
- Before adding a role to an access group, complete the following task: Creating an access group.
Create an access group or open an existing instance from the navigation panel by clickingand selecting an instance.
Click the Definition tab.
Select Stop access checking once a relevant Access of Role to Object instance explicitly denies or grants access if you want the system to stop searching as soon as an access role is found with a relevant Access of Role to Object rule. Clear this check box to use all roles.
In the Available roles section, enter the access roles that apply to operators and other requestors that use this access group.
In the role field, press the Down Arrow key and select a role.
The following examples show the Pega-supplied roles. In your environment, use the roles that you have created.
- If you have not selected Stop access checking once a relevant Access of Role to Object instance explicitly denies or grants access, the order is not relevant; the access roles available to a user act as a collection of capabilities granted, and not as a hierarchy.
- Enter access roles that are consistent with the values that you enter in the Portals field.
- For non-developer workers and work managers using an application, a best practice is to create and use custom access roles that define the capabilities of the role by using Access of Role to Object rules. Pega Platform comes with one standard role for users and one for managers, but your application will probably have multiple different roles for users, managers, and others.
- The PegaRULES:ProArch4 role is supported but deprecated. Do not use this role for new development.
- For workers, use PegaRULES:User4.
- For work managers, use PegaRULES:WorkMgr4.
- For business analysts, use PegaRULES:SysArch4.
- For developers and designers, use PegaRULES:SysAdm4.
To add more access roles, click Add role and select a role.