Back Forward More about Access Group data instances

About Access Group data instances

Restrictions

CautionProcess Commander prohibits certain changes to the important access group PRPC:Administrators. Do not attempt to run the Application Accelerator, Application Profile, Application Express or other DCO tools while logged in as an operator associated with this access group. Follow this procedure to create an access group and Operator IDs for initial use of these tools: BUG-24090 withdrawn 3/19/2010

  1. Select Pega button> Org & Security > Organization > Organization Setup to access the Organization Setup gadget.
  2. Use this gadget to create a separate organization with associated Operator IDs and distinct access groups.
  3. Log in as an administrator of the new organization to use DCO tools.

When effective

NoteAfter you save an Access Group form, active requestor sessions on the current node that are associated with that access group are immediately updated. Requestors at other nodes in a cluster are updated when the next system pulse occurs on their node. GAJNJ 5/22/06

OldIn Version 4, changes to an access group affected only those requestors who logged in after the change. Active requestors were not affected.

Security audits

Using the optional security audit feature, your application can present in the History display which values were added, updated, or removed from the data object, for selected data classes. C-2644 See How to enable security auditing for rule or data changes.

Facilities provided to unauthenticated (guest) requestors

Guest users — unauthenticated requestors — typically have access to rules in the RuleSets provided in the PRPC:Unauthenticated access group, as referenced in the Requestor type instance named pega.BROWSER.

CautionIf you update the pega.BROWSER requestor type to reference a different access group, or update the PRPC:Unauthenticated access group to make additional RuleSets available to unauthenticated users, review carefully the Authenticate? checkbox on the Security tab of each activity in the RuleSets. Select this checkbox for all but those specific activities that guests need to run. GARFJ 2/2007

Notes

As you develop applications and operate your system, the SmartPrompt feature displays those rules that you have access to. When completing an access group form, choose rules (for the Default Portal Layout and Access Roles fields) that the operators associated with this access group at runtime can access. Rule visibility for these operators is determined by the application rule listed on the Layout tab of their access group or groups. Their RuleSet list may contain fewer RuleSets and Versions — or different RuleSets and Versions — than your own RuleSet list. REMOVED NoteYou can update, but do not delete, the PRPC:Unauthenticated access group. This access group provides pre-login access to all browser-based users. B-15122

Advanced featureTo change access groups programmatically, a requestor can call an activity that uses the PublicAPI function getAuthorizationHandle(), and then applies the Java method setCurrentAccessGroup(). GAGNJ 11/23/05

Definitions access group, application rule, organization, timeouts, work pool
Related topics About Operator ID data instances
About Class Group data instances
Org & Security category — Organization landing page
Standard rules Atlas — Initial Access Groups

UpAbout Access Group data instances