Question
AI4Process
GB
Last activity: 26 Nov 2018 3:59 EST
Change the default access group when operator has no access groups associated
Hi,
When an operator has no access group associated with him an OOTB access group PegaRULES:WorkUsers assigned and PegaSample application is launching.
Is this the default behavior?
Can we have a custom access group assigned to an operator id in this scenario at run time? If yes, can some one provide the place we need to update please?
Thanks,
Veera
Pegasystems Inc.
IN
For administrator role if you delete the access group you can’t login to the application ,below error message will be displayed
Portal is missing or user has insuffient security to open it
If you doesn’t have access group for user or manager they can’t login with their operator ids ,however administrator can launch the portal from designer studio .
Thanks,
Arun
Pegasystems Inc.
IN
So an operator without access group is meaningless .
For changing default access group you can go through below discussion
Thanks,
Arun
Pegasystems Inc.
IN
Hi Veera,
You've raised two questions.
Q1.When an operator has no access group associated with him an OOTB access group PegaRULES:WorkUsers assigned and PegaSample application is launching.
Is this the default behavior?
A. Yes. It's default behaviour as any operator should've the default access group.
As access group is associated with the application and it enables the user to have an access to the particular application. It provides authorisation mechanism for a user to access the application. It's one to one mapping.
Q2.Can we have a custom access group assigned to an operator id in this scenario at run time? If yes, can some one provide the place we need to update please?
A. I am not able to understand what you mean to say about runtime here?
Though, you can add access group to an operator. Open the operator rule, under the "Profile" tab - "Application Access" add the access group.
Though, at runtime Code-Pega-Security.ApplicationProfileSetup activity is called after authentication and before the user's portal is displayed.
But I am not sure whether this activity could be used for dynamically appending with a very chance of negative probability.
Hope it answers your questions, kindly acknowledge by marking this post as answered for larger Pega audience.
Regards,
Asif
AI4Process
GB
Hi Asif,
Thanks for your reply.
Let me add some more details for you to understand the situation.
We have a separate admin team to manage the access to the application. In one scenario admin team are just removing the access group and saving the operator ID (we can save the operator id with out any access group! I believe we can make it mandatory rather than showing a warning.).
When our application was running in 6.3 one user got admin access when he had no AG assign to his user id. We want to handle this so that user should not get the admin access.
However in 7.3 we noticed a default access group PegaRULES:WorkUsers is assigned even though user has none in his operator ID. I feel this is better than providing admin access. But can we associate our own AG so that we can show a custom message to the user ?
Hope this gives you clarification.
Thanks,
Veera
AI4Process
GB
Hi All,
I have tried updating the Code-Pega-Security.ApplicationProfileSetup activity to forcefully set an access group at run time. But no luck. I have updated the pyAccessgroup and pyAccessGroupsAdditional(1) value list but no luck.
Is there any way we can setup an access group to user at run time if he has no access groups assigned to him. Appreciate your help!
Thanks,
Veera
Pegasystems Inc.
SG
Hi Veera,
If an operator is saved without any access group defined, it will default to the access group of the Organization he belongs to. E.g. Suppose the operator belongs to the organization MyOrg / Div /Unit, if no access group is defined, he will default to the access group defined in MyOrg (Data-Admin-Organization rule).
You can thus set a basic access group under the organization rule which can be used by all users defined within the organization who do not have an access group in their operator id.
Regards,
Joseph Tan