Back Forward More about Operator ID data instances

About Operator ID data instances
XXXXXXX update for SHA-1 hash code rather than MD5 xxxxxxxxx

Operator IDs and LDAP

If you implement the LDAP authentication capability, the log-on process accesses a central LDAP directory for authentication and ignores the password in this Operator ID instance. However, an Operator ID data instance is still needed for each user.

Extension point activity during log-in

When a requestor logs in, the extension point activity Code-Security.ApplicationProfileSetup runs as a late step. The standard activity with that name is an empty stub. Your application can override the standard activity to perform additional processing as required. CLINIC notes 12/21/04

Security audits

Using the optional security audit feature, your application can present in the History Details display information about which values were added, updated, or removed from an Operator ID instance. C-2644 See How to enable security auditing for rule or data changes.

Password hash

Operator ID passwords, like most other passwords in rule or data forms, are saved as hashed values in the PegaRULES database, using the SHA-1 message digest algorithm.

Consult Configuration Settings Reference, a document available on the PDNPega Developer Network, for details on this and other crypto settings.

Clipboard

During log-in, the system copies most properties from the Operator ID instance are to properties in the pxRequestor page of the clipboard. For browser-based users, this information is also on the page named OperatorID.

However, the value of the password property pyPwdCurrent is always encrypted both on the clipboard and during log-in.

Multiple sessions

Standard log-in processing does not limit the number of sessions that one Operator ID can have open. In practice, Process Commander cannot reliably detect when a session ends, so internal records of which Operator IDs have activity sessions may overstate the true situation, and wrongly prevent users from an additional log-in. SR-1245

Clusters and Operator IDs

After you save a new or updated Operator ID instance, the change may not be reflected on another node in a cluster until the Pega-RULES agent on that node performs the next system pulse — typically after no more than 60 seconds. Unlike instances of most other Data- classes, the system saves Operator ID instances into the rule cache. As a result, until the next time the rule cache is synchronized, one node may access a stale copy from its rules cache. B-18750 B-15912

Previous sign-on

The system-maintains the property pyLastSignon as the date and time of the last successful login (using normal authentication) by this Operator ID, using a Declare Trigger rule. B-19947 SR-3367 BUG-2017 (Ordinarily, do not update this property value directly in your application.)

Bulk operator load

NoteYou can create Operator ID instances by important a Comma-Separated-Values (CSV) text file, such as created by Microsoft Excel. For an example, search for "Bulk Operator Load" in the Pega Exchange area of the Pega Developer Network. You may need to adapt and extend this example to meet local requirements.

Deleting operators

Process Commander does not prohibit deletion of an Operator ID instance when there are open assignments on that operator's worklist, or when that Operator ID is referenced in another data instance (such as an organization unit or workbasket).

TipIf a user is no longer active, rather than deleting the Operator ID instance, you can follow these steps:

  1. Ensure that this user is not currently logged in.
  2. Transfer or complete all assignments on the worklist.
  3. Update the password to a value that is not disclosed to the user, so that person can no longer log in.
  4. Ensure that this user has no rules checked out. If not, sign on and delete or check in the checked-out rules.
  5. Clear the Operator is available to receive work? checkbox.
  6. Enter a departure date in the Unavailable from array.
  7. Enter a substitute operator for assignments routed to this operator.
  8. Save the updated Operator ID instance.

NoteYou can't delete an Operator ID if the operator has rules checked out. Have the operator sign in, and delete or check in all rules in the operator's personal RuleSet. SR-784 B-15908

Definitions division, organization, LDAP, role, rule cache, RuleSet list
Standard rules Atlas — Initial Operator IDs

UpAbout Operator ID data instances