More about Access Group data instances
|
|
PRPC prohibits certain changes to the important access group PRPC:Administrators. Do not attempt to run the Application Accelerator, Application Profiler, Application Express or other DCO tools while logged in as an operator associated with this access group. Follow this procedure to create an access group and Operator IDs for initial use of these tools:
After you save an Access Group form, active requestor sessions on the current node that are associated with that access group are immediately updated. Requestors at other nodes in a cluster are updated when the next system pulse occurs on their node.
In Version 4, changes to an access group affected only those requestors who logged in after the change. Active requestors were not affected.
Using the optional security audit feature, your application can present in the History display which values were added, updated, or removed from the data object, for selected data classes. See How to enable security auditing for rule or data changes.
Guest users — unauthenticated requestors — typically have access to rules in the RuleSets provided in the PRPC:Unauthenticated access group, as referenced in the Requestor type instance named pega.BROWSER.
If you update the pega.BROWSER requestor type to reference a different access group, or update the PRPC:Unauthenticated access group to make additional RuleSets available to unauthenticated users, review carefully the Authenticate? checkbox on the Security tab of each activity in the RuleSets. Select this checkbox for all but those specific activities that guests need to run.
As you develop applications and operate your system, the SmartPrompt feature displays those rules that you have access to. When completing an access group form, choose rules (for the Default Portal Layout and Access Roles fields) that the operators associated with this access group at runtime can access. Rule visibility for these operators is determined by the application rule listed on the Layout tab of their access group or groups. Their RuleSet list may contain fewer RuleSets and Versions — or different RuleSets and Versions — than your own RuleSet list.
To change access groups programmatically, a requestor can call an activity that uses the PublicAPI function getAuthorizationHandle(), and then applies the Java method setCurrentAccessGroup().