Prevent SystemArchitect make themselves a System Administrator
PRPC Administrators wish to know how to prevent PRPC developers with the default SystemArchitect access group from adding the administrator access group to their own Operator IDs.
This behavior is because the default access group "PRPC:SystemArchitects" includes the role "PegaRULES:SysArch4" which permits access to (among other things) instances of Data-Admin-Operator-ID.
To change this, a System Administrator should create Access Groups and Roles as needed to meet business security requirements. More information regarding the Pega 7 Access Manager is available here: https://pdn.pega.com/security/access-manager-getting-started