Access Group
form
|
Complete this tab to identify the class groups, RuleSets, and access roles available to the Operator IDs or requestors that reference this access group.
You can refer to an application rule that lists RuleSets and versions, or list them directly in the Production RuleSets array.
As a best practice, leave the Production RuleSets array blank and refer to an application rule. This approach helps minimizes the number of distinct RuleSet lists that users in your system employ. Using fewer distinct RuleSet lists can improve system performance and help avoid unplanned differences in RuleSet lists among users.
Field |
Description |
Application | |
Name |
Enter the first key part of an application rule (Rule-Application rule type) to be available to all users associated with this access group. As a user signs on, Process Commander adds the RuleSets and Versions identified in this application rule to the user's RuleSet list. (Leave blank in legacy configurations only.) |
Version | Identify the second key part of an application rule. |
Field |
Description |
Work Pools |
Optional. List all class groups for work pools in which users associated with this access group are permitted to enter new work objects. Each class group defines a work pool, a named collection of work types. Leave blank if users who enter new work objects and are associated with this access group use a composite portal that includes the standard section rule @baseclass.NewWork. The work types that such users can enter appear on the Details tab of the Application rule, not here. See How to create a composite portal. Leave blank if users associated with this work object do not enter new work. For users of the traditional WorkUser or WorkManager portal rules, this list determines the set of work pool names that appear in the Work Pool Selector (typically visible below the logo in the navigation panel) and the work types that appear in the selection list of the New.. box. The names appear in the order that the work pools are listed. Select one radio button to mark as Default the class group that holds the work types in which users associated with this access group most often enter work objects. For User portals, this determines the work pool name that appears in the work pool selector below the logo. For example, if you designate the PegaSample class group as default, the corresponding work pool name is Sample Work. When a user (at a traditional portal) associated with this access group enters new work objects, the available work types are those from classes (work types) in the designated class group (work pool). The system obtains the work pool name text from the Short Description text of the class rule that has the same name as the class group. You can enter any class group on this list for which the container class (the Rule-Obj-Class instance with the same name as the class group) belongs to a RuleSet listed in the Production RuleSets array or available to users through application rules. This restriction ensures that the rules of the application (in addition to the work types) are available to users associated with this access group. Work pool names appear on this Work Pool Selector list in the order that the corresponding work pools are listed here. If this array contains more than a few, consider reordering them to present the work pool names alphabetically, or in another order meaningful to users. If you leave this array blank, operators associated with this access group cannot enter new work. However, the Work Pools array does not affect which work objects the operator can update, only which types of work objects the operator can create. Which assignments the operator can open and update is determined by access roles and RuleSet lists, not by the work pools. Many reports in the Monitor Activity workspace cover business processing for a selected work pool. For an access group to be associated with managers, list all work pools that correspond to applications they may want to report on, whether or not they enter new work in these work pools. |
Leave blank except for developers and others who modify rules. While your profile includes RuleSets versions listed here, they are not considered part of the current application. Rules in the RuleSet versions listed here are not visible in the Application Explorer, Application Preflight, Application Inventory, or Application Document facility.
For example, in a production setting, you can identify one RuleSet and Version that remains unlocked and holds only rules expected to be changed often. Such rules may be delegated to management. A RuleSet with this purpose is sometimes called a local-only or production RuleSet.
If your organization has implemented the optional password management facility, you can list the PegaPwdControl:01-01-01 RuleSet version here to enforce password value restrictions for users who have this access group. Alternatively, include this RuleSet Version in an application rule.
Field |
Description |
Production RuleSets |
Optional. Enter the RuleSets and Versions specific to this access group. As a best practice for good security — and to avoid a warning when you save the Access Group form, select from the RuleSet versions that appear in the Production RuleSets array on the General tab of the application rule. The system uses this information at log-on time to assemble the RuleSet list for this user. The order of your entries in this array affects rule resolution. At login, the system appends these entries to the top of your RuleSet list, but starting at the bottom of this array. The order of rows in this array becomes the order they appear in the RuleSet list. For example, if during sign-on this access group is accessed when the (partial) RuleSet list contains Alpha:01, Beta:02, and Gamma:03 (in that order), and this array contains Red:07, Blue:08, and Green:09 (in that order), the result is Red:07, Blue:08, Green:09, Alpha:01, Beta:02, Gamma:03. You can include a full version number or an initial portion of a version number. Separate the RuleSet name from the version (or partial version) with a colon, as in:
Except for users who have the PegaRULES:WorkUser4 role, include at least one RuleSet version that is not locked. If all RuleSet Versions that a user can access are locked, that user cannot create new rules. (Typically, managers have access to a local customization RuleSet for storing only those rules that are personal customized versions of list view or summary view reports.) List distinct RuleSets here. A user or other requestor can access rules in only one major version of a RuleSet; access to version 04-10-15 includes access to 04-10-14 and 04-04-11, but not to 03-01-01 or 02-15-07. To reorder the rows of this array, hold the mouse pointer over a number. Click and drag to another row. To duplicate or move a row, hold the mouse pointer over a number. Or, right-click to access a menu with Cut, Copy, and Insert options. |