More about Access Group data instances
 

  1. About 
  2. New 
  3. Layout 
  4. Settings 
  5. Associations 
  6. History 
  7. More... 

When effective

NoteAfter you save an Access Group form, active requestor sessions on the current node that are associated with that access group are immediately updated. Requestors at other nodes in a cluster are updated when the next system pulse occurs on their node.

OldIn Version 4, changes to an access group affected only those requestors who logged in after the change. Active requestors were not affected.

Security audits

Using the optional security audit feature, your application can present in the History display which values were added, updated, or removed from the data object, for selected data classes. See How to enable security auditing for rule or data changes.

Facilities provided to unauthenticated (guest) requestors

Guest users — unauthenticated requestors — typically have access to rules in the RuleSets provided in the PRPC:Unauthenticated access group, as referenced in the Requestor type instance named pega.BROWSER.

CautionIf you update the pega.BROWSER requestor type to reference a different access group, or update the PRPC:Unauthenticated access group to make additional RuleSets available to unauthenticated users, review carefully the Authenticate? check box on the Security tab of each activity in the RuleSets. Select this check box for all but those specific activities that guests need to run.

Notes

As you develop applications and operate your system, the SmartPrompt feature displays those rules that you have access to. When completing an access group form, choose rules (for the default Portal and Roles fields) that the operators associated with this access group at runtime can access. Rule visibility for these operators is determined by the application rule listed on the Definition tab of their access group or groups. Their RuleSet list may contain fewer RuleSets and Versions — or different RuleSets and Versions — than your own RuleSet list.

Advanced featureTo change access groups programmatically, a requestor can call an activity that uses the PublicAPI function getAuthorizationHandle(), and then applies the Java method setCurrentAccessGroup().

Definitions access group, application rule, organization, timeouts, work pool
Related topics About Operator ID data instances
About Class Group data instances
Org & Security category — Organization landing page
Standard rules Atlas — Initial Access Groups

UpAbout Access Group data instances