Role-based access control

Use role-based access control (RBAC) to restrict users’ access to certain UI elements, to limit them to certain actions in the UI, or to deny them any access to a class, based on defined roles and privileges that are derived from the user’s access group. Access groups define the actions that groups of users can perform in an application. For example, you can configure a case manager access group so that case managers can approve important cases, which other case workers are not permitted to do.

The basic components of RBAC are operators, access groups, and access roles. An operator ID represents a user who is permitted to log in to a Pega Platform application.

An access group is a group of permissions within an application. An operator belongs to one or more access groups, depending on what applications and functions the user can access. At any given time, one access group is in effect for a logged-in user.

An access group includes one or more access roles, which define what the group can do. The same role can be used in multiple access groups.
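The relationships described above can be sketched as a small conceptual model. This is an added example, not Pega Platform code or its API; the class names, role names, group names, and the `Case` class are hypothetical. It assumes an access decision is made against the one access group in effect, not against every group the operator belongs to.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRole:
    name: str
    privileges: frozenset  # (class_name, action) pairs this role grants

@dataclass
class AccessGroup:
    name: str
    roles: tuple  # one or more AccessRole objects; a role may be shared

    def allows(self, class_name, action):
        return any((class_name, action) in r.privileges for r in self.roles)

@dataclass
class Operator:
    operator_id: str
    access_groups: dict  # group name -> AccessGroup the operator belongs to
    active: str          # the single access group in effect for this session

    def switch_group(self, name):
        # An operator can only activate a group they are a member of.
        if name not in self.access_groups:
            raise PermissionError(f"{self.operator_id} is not in {name}")
        self.active = name

    def can(self, class_name, action):
        # Decision uses the active group only, never the union of memberships.
        return self.access_groups[self.active].allows(class_name, action)

def build_sample():
    # Constructed sample data; all names below are hypothetical.
    worker = AccessRole("CaseWorker", frozenset({("Case", "open"), ("Case", "update")}))
    approver = AccessRole("CaseApprover", frozenset({("Case", "approve")}))
    workers = AccessGroup("CaseWorkers", (worker,))
    managers = AccessGroup("CaseManagers", (worker, approver))  # role reused
    alice = Operator("alice", {"CaseWorkers": workers, "CaseManagers": managers}, "CaseWorkers")
    bob = Operator("bob", {"CaseWorkers": workers}, "CaseWorkers")
    return alice, bob

if __name__ == "__main__":
    alice, bob = build_sample()
    print(alice.can("Case", "approve"))  # evaluated against CaseWorkers
    alice.switch_group("CaseManagers")
    print(alice.can("Case", "approve"))  # evaluated against CaseManagers
```

When reviewing a configuration like this, the questions to ask are which operators belong to the group that carries the approval role, and whether any widely shared role grants more than its name suggests.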