Support Article
Attachment Category Note privilege not working
SA-21834
Summary
When a new privilege is created that permits only view/create for the Attachment Category Note, the user can still delete attachments successfully. This worked in Pega 7.1.5 but does not work in Pega 7.1.7.
Error Messages
Not Applicable
Steps to Reproduce
- Create an Attachment Category rule.
- Create a privilege rule (CannotDelete) and reference it in the Security tab of the Attachment Category rule. Select the checkboxes for ‘Create’, ‘Edit’, ‘View’ and clear the checkboxes for ‘Delete’, ‘Delete any’.
- Save the rule.
- Reference the same privilege (CannotDelete) in the Access of Role to Object rule for a Role (PAT:USER).
- Log in as a user who has the Role PAT:USER and try to delete an attachment.
Root Cause
From Pega 7.1.6, the behavior of Attachment Category security has changed. Leaving an access control category blank no longer denies access. To grant access to a specific category, a 'Privilege' and/or 'When' rule is used. Similarly, denying access to a specific category also requires a 'Privilege' and/or 'When' rule.
Resolution
Perform the following local change:
- Reference a When rule in the attachment category to allow the ‘Create’, ‘Edit’, ‘View’ operations by selecting the checkboxes for ‘Create’, ‘Edit’, ‘View’.
- Reference another When rule in the attachment category to deny the ‘Delete’, ‘Delete any’ operations by selecting the checkboxes for ‘Delete’, ‘Delete any’.
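The change described under Root Cause and the effect of the local change can be reasoned about with a small model. This is an added example, not Pega code: the `Control`, `User`, `is_allowed` and `blank_operations` names, the When rule names, and the rule for combining privileges with When rules are assumptions made for illustration.

```python
from dataclasses import dataclass, field

ALL_OPS = ("Create", "Edit", "View", "Delete", "Delete any")

@dataclass(frozen=True)
class Control:
    """One Security-tab row: a Privilege or When rule and the operations ticked for it."""
    kind: str              # "privilege" or "when"
    name: str
    operations: frozenset

@dataclass
class User:
    privileges: set = field(default_factory=set)
    when_results: dict = field(default_factory=dict)   # When rule name -> result for this user

def is_allowed(controls, user, operation, blank_denies):
    """blank_denies=True models 7.1.5; False models 7.1.6 and later."""
    rows = [c for c in controls if operation in c.operations]
    if not rows:                       # nothing ticked for this operation
        return not blank_denies
    privs = [c for c in rows if c.kind == "privilege"]
    whens = [c for c in rows if c.kind == "when"]
    # Assumption: one held privilege is enough; every ticked When rule must be true.
    priv_ok = not privs or any(c.name in user.privileges for c in privs)
    when_ok = all(user.when_results.get(c.name, False) for c in whens)
    return priv_ok and when_ok

def blank_operations(controls):
    """Operations with no rule ticked: unrestricted from 7.1.6 onward."""
    return sorted(op for op in ALL_OPS if not any(op in c.operations for c in controls))

# Constructed sample data. The When rule names are hypothetical.
REPRO = [Control("privilege", "CannotDelete", frozenset({"Create", "Edit", "View"}))]
FIXED = [
    Control("when", "AllowBasicOps", frozenset({"Create", "Edit", "View"})),
    Control("when", "DenyDelete", frozenset({"Delete", "Delete any"})),
]
PAT_USER = User({"CannotDelete"}, {"AllowBasicOps": True, "DenyDelete": False})

if __name__ == "__main__":
    for label, cfg in (("repro", REPRO), ("fixed", FIXED)):
        for blank_denies in (True, False):
            print(label, "blank_denies=%s" % blank_denies,
                  "Delete allowed:", is_allowed(cfg, PAT_USER, "Delete", blank_denies),
                  "blank:", blank_operations(cfg))
```

Running `blank_operations` over each attachment category's configuration after an upgrade lists the operations that relied on the old blank-means-deny behavior.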
Published April 13, 2016 - Updated October 8, 2020