Skip to main content

Table of Contents

Advanced settings for access roles


Only available versions of this content are shown in the dropdown

Access roles define the classes that a user can view, update, and delete through the Access of Role to Object and Access Deny rule types. Access roles are critical for ensuring valid authentication in an application. The access roles that a user holds defines what they can and cannot due in an application. For example, a manager access role allows managers to reopen closed cases, whereas those with the case manager role cannot reopen cases.

An access role is different from a work party role, which defines the types of parties that can appear in work items.

Use an access role name to grant permissions to users. Requestor type instances and access group instances can reference access roles. Pega Platform provides built-in access roles, with names starting with PegaRULES:, for a variety of users:

  • Guests
  • Authenticated work users
  • Administrators
  • Developers

An access role is an instance of the Rule-Access-Role-Name rule type.

At user log in, the system assembles a set of roles for the user based on information in the user's requestor instance (Operator ID instance), and the associated access group instance. Access roles associated with a user are important because an access role allows access to features and determines the user's capabilities.

To determine whether the current user has a role, call the standard Boolean function HaveRole():

Lib(Pega-RULES:Default).HaveRole(this, "rolename").

Where referenced

Access role names form the first key part of Access of Role to Object rules (Rule-Access-Role-Obj rule type), and the Access Deny Obj rules (Rule-Access-Deny-Obj rule type). You convey access roles to users through access groups.


Use the Access Roles tab on the Security landing page to view or modify a list of the access roles in your application.

You can access the Access Roles landing page tab in the header of Dev Studio, by clicking Configure Org & Security Security Access Roles .

Use the Records Explorer to list all the access roles that are available to you.


Access Role Name rules are instances of the Rule-Access-Role-Name class and are part of the Security category.

Did you find this content helpful?

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us