ARO is empty for Access Role but it is working. Why?
I believe in early version of Pega Platform, when New Application is created, system creates Access Group with AROs which are cloned from out-of-the-box ARO. For example, if I create MyApp application, then it creates MyApp:Users access group. MyApp:Users access group includes one Access Role, which is MyApp:User. If I remember correctly, MyApp:User access role includes whole bunch of AROs which are cloned from PRPC:User4. However, when I created a New Application in Pega 7.4, I see no AROs in MyApp:User. I believe if there is no AROs user shouldn't be able to even log in, but it is working. Why? Is anything changed? Or is this inheriting from somewhere else?
Thanks. I just found out this new feature - here is another question. In prior version, you only were able to clone the existing AROs from other access role as "snapshot". So once you have your own AROs, you could modify any out-of-the-class ARO instance. Now, since it is using Role Dependencies, how would you modify ARO in out-of-the-class? Should I modify OOTB ARO in OOTB access role (I am not even sure if you can do that), or if you add new ARO record in your own access role, that has precedence over OOTB depended ARO?
I believe you will need to add new ARO record on your access role yes. But I don't think it will precedence over OOTB depended ARO. I think it will be another Access on top of the OOTB ones. But I might be wrong I need to double check.
You can always override the OOTB AROs in your own Role. It will supersedes the RARO defined in Dependent role. The advantage you get with role dependency is easy maintainability. Changing in your parent role will impact all the roles which are inheriting from it. Single change will impact everywhere where as with the snapshot approach that you mentioned, you need to make the change in all the roles. Hope this clarifies your query.