Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Configuring an access role

Updated on March 15, 2022

To define a set of permissions within an application, configure an access role.

Before you begin: You must complete the following task before you can configure an access role: Creating an access role by using the rule form
  1. Create an access role, or open an existing access role by doing one of the following steps:
    • In the navigation panel, click RecordsSecurityAccess Role Name and choose an access role from the instance list.
    • In the Dev Studio header, click ConfigureOrg & SecurityToolsSecurityRole Names and double-click a role name.
  2. Optional: To copy permissions from an existing access role into your access role, do the following steps:
    This step removes Access of Role to Object rules that were previously defined for your access role.
    1. In the Clone from field, press the Down Arrow key and select an access role to copy.
    2. Click Clone.
      Result: The Access of Role to Object rules for the Clone from role are copied to your access role (overriding any that you already defined). The new values appear in the Access Class table.
  3. Optional: To inherit permissions from existing access roles without copying them, do the following steps:
    1. Click Manage dependent roles.
    2. To add a role dependency, click Add dependent role, press the Down Arrow key, and select an access role.
    3. To remove a role dependency, click the Delete this row icon.
    4. Click Submit.
  4. To simplify the process of granting operator access to a feature protected by privileges, select Inherit privileges within class hierarchy.
    When this is selected, at run time, the system searches the class hierarchy for Access of Role to Object instances. For more information, see Privilege inheritance for access roles.
  5. To define the permissions that this access role has for various classes, you add, update, or delete Access of Role to Object rules in the Access Class table. When you click an Access Class name or the Add a row icon, a dialog is displayed where you configure the Access of Role to Object rule.
    Standard access roles such as PegaRULES:SysArch4 and PegaRULES:User4 include corresponding standard Access of Role to Object rules, including a rule for @baseclass. Be sure to create a last-resort Access of Role to Object rule at @baseclass so that the class inheritance search always ends successfully.
    1. For a new Access of Role to Object rule, in the Class field, press the Down Arrow key and select a class.
    2. In the listed fields, enter a production level or Access When rule name. At run time, the system evaluates the value to determine whether access is granted.
      For more information about these fields, see Defining permissions by using Access of Role to Object rules
    3. Optional: In the Privileges table, enter one or more privileges. For each privilege, enter a production level or Access When rule name.
      For more information about assigning privileges, see Specifying privileges for an Access of Role to Object rule
    4. Optional: In the Access table, enter one or more settings. For each setting, enter a value.
      For more information about assigning settings, see Defining access settings for an Access of Role to Object rule.
    5. Click Submit.
  6. Click Save.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us