Back Forward More about Access Group data instances

 About Access Group data instances

When effective

NoteAfter you save an Access Group form, active requestor sessions on the current node that are associated with that access group are immediately updated. Requestors at other nodes in a cluster are updated when the next system pulse occurs on their node.

OldIn Version 4, changes to an access group affected only those requestors who logged in after the change. Active requestors were not affected.

Security audits

Using the optional security audit feature, your application can present in the History display which values were added, updated, or removed from the data object, for selected data classes. See How to enable security auditing for rule or data changes.

Facilities provided to unauthenticated (guest) requestors

Guest users — unauthenticated requestors — typically have access to rules in the RuleSets provided in the PegaRULES:Unauthenticated access group, as referenced in the Requestor type instance named BROWSER.

CautionIf you update the BROWSER requestor type to reference a different access group, or update the the PegaRULES:Unauthenticated access group to make additional RuleSets available to unauthenticated users, review carefully the Authenticate? check box on the Security tab of each activity in the RuleSets. Select this check box for all but those specific activities that guests need to run.

Notes

zzzAs you develop applications and operate your system, the SmartPrompt feature displays those rules that you have access to. When completing an access group form, choose rules (for the Default Portal Layout and Access Roles fields) that the operators associated with this access group at runtime can access. Rule visibility for these operators is determined by the application rule listed on the Access tab of their access group or groups. Their RuleSet list may contain fewer RuleSets and Versions — or different RuleSets and Versions — than your own RuleSet list.

NoteYou can update, but do not delete, the PegaRULES:Unauthenticated access group. This access group provides pre-login access to all browser-based users.

Advanced featureTo change access groups programmatically, a requestor can call an activity that uses the PublicAPI function getAuthorizationHandle(), and then applies the Java method setCurrentAccessGroup().

Definitions access group, application rule, organization, timeouts, work pool
Related topics About Operator ID data instances
About Class Group data instances
Standard rules Atlas — Initial Access Groups

zzzAbout Access Group data instances