The CLSA Architecture Application Build exam consists of 3 to 6 questions of varying complexity which evaluates the ability of a candidate to develop and architect solutions using the PEGA platform. Please refer to the Exam preparation guide for further details.
Question 4 from a retired exam scenario is attached to this post. You are encouraged to work through this question by collaborating in this discussion thread. A solution will not be provided.
It is estimated that a candidate proficient in design and implementation would be able to complete this task in 4 hours.
The starting point migration file for this first retired exam is called Booking_20171102_10000.zip and can be downloadedhere.
.... I just saw that I used the NEW starting point... So not sure which rules were available and which not.: However here are my awnsers with the new starting point in mind :
1: My first idea would be to assign a privilege to the Executive Officers Roles and add these to the reports. However there are no specific Executive Officers Roles. Starting point would then to create these specific roles, by copying a Booking:Manager Acces Role.
2: Attribute based acces control to view the profit field only when current accesgroup is Executive officer. Or use a when condition on every field to perform the same check. Harder to maintain.
Pricing is handled in dec-table Pricing. However there seems to be some incomplete rules. Base Pricing is not in the FinalTotalPrice, Is this something we should fix??
3: Create a property to hold the Approved boolean. We will then show a read-only section of the Quotation Event information in stage Quotation.
--> I am not sure if updating the event information is the same as Change stage to Quotation. As changing the event info would also trigger underlaying calculations and possibly require a new client response.
Other wise we could also create a flowwide local flowaction to do the same, that only executive officers can start.
4: Creating a delegate decision table, that is editable in the managers portal. Not sure how to only make it availble for executives
5: I dont get the CEO part in this question?
So you can only access <10.000 Asign-WorkList items from your peers?
6: For the worklist we can can circumstance based on accesgroup or Operatior Position and adjust the report definition.
However there seems to be some incomplete rules. Base Pricing is not in the FinalTotalPrice, Is this something we should fix??
Yes there is an issue with the calculation of the Pricing, Cost & the Profit. We need to update the ComputeTotals DT & add the below components as well in step 2 -> .Pricing(ParkingService).DiscountedPrice + (.NumCarsParked * .Pricing(CarPark).DiscountedPrice) + .Event.Pricing(HotelService).DiscountedPrice + .Event.Pricing(Base).DiscountedPrice
If we dont do that then price is not calclated correctly & profit is also coming up as negative.
Yes This can be achieved using ABAC. We can create Access Policy Condition to check whether assignment is assigned to Facility Coordinator or not . We create Access Control policy at Assign-Worklist level with action as read . This can be achieved easily using ABAC. I can be achieved using RBAC as well. In ARO of Assign-WorkList class in Facility Coordinator access role , we create a access when to check the required condition and allow the access bases on that. But ABAC is recommended as it is easy to configure and does not require any additional role.
Please let me know if you have any other better approach. That will be very helpful.
Can anyone recommend how we can debug ABAC? For this question I'm attempting to put an Access Control Policy on the profit property. But it doesn't work and in the tracer I don't see any of my rules running.
I believe you need to create the Access Control Policy with the applies to class set to that of the FSG-Booking-Work-Event case type. You can then mask the property by referencing the embedded page .Event.Profit .
3) Ensure that only Executive Officers are allowed to update Event information after an Event is approved
This can be implemented as explained below.
We can create a property name "QuoteApproved" at Event class level and this property will be set to true upon approval of the quote by Executive officer.
We will have a case wide local action to update the case/event details , We can use pyUpdateCaseDetails OOTB flowaction . This flow action can be conditionally available to only Executive officers. Whenrule checks whether User is a Executive Officer by checking ExcutiveOfficer access group on operator page and QuoteApproved property on the event case.
Please let me know if anyone else has a better approach than this.
1. According to the Front Stage Scenario Requirements, executive officers have two reports. The first one lists the events with revenue, cost, and profit. The second report shows profit by event type. Ensure that only Executive Officers are allowed to access, view, and run these two reports. Executive officers should be able to create new custom reports using standard features.
Proposed Approach: To create a Privilege to Read Report and apply them to the reports.
2. Add a Profit Field to all the forms that display Event information and ensure that only Executive Officers are allowed to view the Profit Field. Refer to Appendix B for a summary of Event costs and Appendix C for a summary of Event pricing.
Proposed Approach: Used ABAC on the Profit property and restricted access only to Executives using their Access Group.
3. Ensure that only Executive Officers are allowed to update Event information after an Event is approved.
Proposed Approach: Used ABAC to Provide access, Restricted access to non-Executives if they are not in Quotation or Assignment stages.
4. Ensure that only Executive Officers are allowed to update the fixed, hotel, and parking related Internal Costs as described in Appendix B associated with Event Bookings. Please note that if no mechanism exists for maintaining these costs you will need to develop it as part of the new version of the application.
Proposed Approach:Created Decision tables and Delegated them to to Executives.
5. Sales executives can view and access work from other sales executives (but only other sales executives). The same is true for executive officers and event managers. However, it must not be possible to access work on peers’ worklists that are related to events with more than 10,000 attendees and, therefore, go directly to the CEO for approval.
Proposed Approach:: Used ABAC to Always permit CEO, Permit access to cases only if Executives/Sales/Event Managers only if count is <10000 and belongs to their Access group.
6. Facility coordinators can only see their own worklist and the work specifically assigned to them.
Proposed Approach: Used ABAC using Assign-Worklist as the applies to class.
Since there was no mention to address other areas, Solution might not have the complete Implemantion to of routing and Operator/Work group/organization mapping.
Kindly review the solution and the approach and let me know your feedback.
I took the same approach with the #1, with privileges. That just ensure that other AG can't run the report, they can still see that the report exist though. Unless I take away report all together from every role except for executives, how else can we ensure only these 2 reports aren't view/execute while still allowing other roles to create reports?
1. Only EO's are allowed to update the event information after the event is approved. -> I think we can use case stages or assignment status. However, after the event has been approved by executive there's a stage called assignment where we update the EventManager property by executive and some comments are given by the event manager which has got past the executive approval stage. How do we handle this?
2. No access to other's cases if event attendees are more than 10,000. -> Basically, when we define a condition on event case type, How do we know that the case has been assigned to which operator. In Assign-Worklist we don't have attendees information.
-- A user should be able to access the case if its assigned to him irrespective of the count of attendees. For a policy being defined in FSG-Booking-Work-Event how do we know that the case is assigned to him?
-- If we define the policy in Assign-WorkList we know to whom the case has been assigned and we should let others access the case only if the count is < 10,000. Where do we get this info from?
I registered for LSA app build examine. I have a few questions about the policy. They are the following:
1). The total time span is 3 days. Each question is allotted an estimated time to complete. Do i have to complete and submit each question within that time frame. Do i get point deduction if i take more than required time to submit. E.g. Q1 is estimated for 3 hours, I instead submit my answer next day. The reason is that i want to avoid half baked solution or go for least time consuming solution even though not optimal one.
2). I found out some requirement ambiguous and can be interpreted differently. How can I ask for clarification and get quickest response. Due to the time constraint, if i could not get clarification in time and decide to make my assumption and provide solution accordingly. Do i still get credit if my assumption turns out to be not right?
1) You have 3 days to complete the entire exam. How you choose to divide up that time is completely up to you. You can work 30 hours or 72 hours. The distribution of marks is in accordance with the estimated time to complete each question therefore it is generally wise to distribute your time according to that guideline.
2) We prefer you would send an email to CLSATeam@pega.com for clarifications. We will usually respond respond within 1 hour however keep in mind the team is based in North America therefore you will receive the quickest response if sent during daylight hours. Generally there is little need for requirement clarification however if you do find yourself in a situation where you have to make an assumption, make sure it does not conflict with the requirements and document any assumptions in the design question document. We will take that into account when grading as long as your assumption is reasonable.
I am doing preparation App Build and went through the Q4 above.
Here is my Proposed approach on the following points.
Point N. 5. I have configured with ABAC and RBAC:
An ABAC to check for Sales, Executives and Event Manager access groups they can access the peers' worklists when #Attendees <= 10000.
If # Attendees > 10000 I use RBAC for case #Attendees > 10000 as below:
An Access Role for related access group that have configuration WorkMgr 4. It checks the Perform privilege be applied conditionally only if # Attendees < 10000. If not they cannot access the peer's worklist assignments (see Attachment).
Point N. 6. Configured the Facility Coordinator with an Access Role with Type User4. This does not have the Perform privilege so can access only his worklist.
For other Points i am mostly aligned as in previous posts
What is the best way to set a skill in assignment at runtime? At assignment shape, it is hardcoded setting. So, if I determine the skill (like English or German) from inputs to the case creation, how to set that as required skill in an assignment? Can this be done without using Assign-NewDefaults activity?
N.B. The actual skill rules are already created. Only skill determination happens at runtime.
I downloaded the start up build and completed the RBAC & ABAC exercise without issue.
Then I tried to define a standalone ABAC scenario that I came up with, outside the context of the exercise and tried to implement, But even a simple ABAC definition is not working with Access Control Poilcy, Access Control Condition & Access When rule. I even made sure EnableAttributeBasedSecurity is set to true. But still no luck.
Is there any other DSS or setting that needs to be enabled prior to ABAC can be tested that I haven't set yet?
I am facing an issue somewhat similar to what Gopinath was facing. On some specific reasons, attributes in an embedded page inside pyWorkPage is not being masked , inspite the application having specific ABAC condition to mask it.
I have attached a document where I have explained the problem. Can anyone let me know what might be the issue here ? Is there something I am missing here ?
The scenario is easy to replicate : just remove the BookingAdministrator Access When Rule from SalesAndExecutives Access Control Policy Condition. After the change, when you login with Admin.Booking, you should not be able to see the Financial information on any Event case, but I can see it.
After delegating the Pricing DT rule to Booking:Executives AG, When I login as Executive Officer, I see the DT in the list but on clicking on Edit, the DT opens in Readonly mode & it shows the lock symbol next to it (The rule is not checked out by anyone & RSV is unlocked). I even tried creating an Access of Role To Object to allow the AG to modify rules of FSG-Data-Event class, but still the same.
I also tried saving the DT rule into an unlocked Production RUleset & adding the ruleset to the Access Group's Production Ruleset list, but still the same behavior. Any ideas?