Support Article
Prevent SystemArchitect make themselves a System Administrator
SA-2485
Summary
PRPC Administrators wish to know how to prevent PRPC developers with the default SystemArchitect access group from adding the administrator access group to their own Operator IDs.
Resolution
This behavior is because the default access group "PRPC:SystemArchitects" includes the role "PegaRULES:SysArch4" which permits access to (among other things) instances of Data-Admin-Operator-ID.
To change this, a System Administrator should create Access Groups and Roles as needed to meet business security requirements. More information regarding the Pega 7 Access Manager is available here: https://pdn.pega.com/security/access-manager-getting-started
Published January 31, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.