Question

6
Replies
2340
Views
 Veera Reddy Saddala (VeeraReddySaddala)
AI4Process
Veera Reddy Saddala
AI4Process
GB
VeeraReddySaddala Member since 2015 22 posts
AI4Process
Posted: June 28, 2018
Last activity: November 26, 2018
Posted: 28 Jun 2018 11:58 EDT
Last activity: 26 Nov 2018 3:59 EST
Closed

Change the default access group when operator has no access groups associated

Hi,

When an operator has no access group associated with him an OOTB access group PegaRULES:WorkUsers assigned and PegaSample application is launching.

Is this the default behavior?

Can we have a custom access group assigned to an operator id in this scenario at run time? If yes, can some one provide the place we need to update please?

Thanks,

Veera

Enterprise Application Development Dev/Designer Studio Security System Administration
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 2 years ago
Posted: 28 Jun 2018 16:41 EDT
Arun Kumar Mahanty (Arun_Mahanty)
PEGA
Principal Technical Solutions Engineer
Pegasystems Inc.
IN

For administrator role if you delete the access group you can’t login to the application ,below error message will be displayed


Portal  is missing or user has insuffient security to open it


If you doesn’t have  access group for user or manager they can’t login with their operator ids ,however administrator can launch the portal from designer studio .


Thanks,


Arun
Posted: 2 years ago
Posted: 28 Jun 2018 16:44 EDT
Arun Kumar Mahanty (Arun_Mahanty)
PEGA
Principal Technical Solutions Engineer
Pegasystems Inc.
IN

So an operator without access group is meaningless .


For changing default access group you can go through below discussion


https://community1.pega.com/community/product-support/question/how-designate-default-access-group-operator-through-activity 


Thanks,


Arun
Posted: 2 years ago
Posted: 28 Jun 2018 18:24 EDT
Mohammad Asif Hasan (Asif Hasan)
PEGA
Senior Technical Solutions Engineer
Pegasystems Inc.
IN

Hi Veera,

You've raised two questions.

Q1.When an operator has no access group associated with him an OOTB access group PegaRULES:WorkUsers assigned and PegaSample application is launching.

Is this the default behavior?

A. Yes. It's default behaviour as any operator should've the default access group.

As access group is associated with the application and it enables the user to have an access to the particular application. It provides authorisation mechanism for a user to access the application. It's one to one mapping.

Q2.Can we have a custom access group assigned to an operator id in this scenario at run time? If yes, can some one provide the place we need to update please?

A. I am not able to understand what you mean to say about runtime here?

Though, you can add access group to an operator. Open the operator rule, under the "Profile" tab - "Application Access" add the access group.

Though, at runtime Code-Pega-Security.ApplicationProfileSetup activity is called after authentication and before the user's portal is displayed.
But I am not sure whether this activity could be used for dynamically appending with a very chance of negative probability.

Hope it answers your questions, kindly acknowledge by marking this post as answered for larger Pega audience.

Regards,
Asif
Posted: 2 years ago
Posted: 29 Jun 2018 5:30 EDT
Veera Reddy Saddala (VeeraReddySaddala)
AI4Process
Veera Reddy Saddala
AI4Process
GB

Hi Asif,


Thanks for your reply. 


Let me add some more details for you to understand the situation.


We have a separate admin team to manage the access to the application. In one scenario admin team are just removing the access group and saving the operator ID (we can save the operator id with out any access group! I believe we can make it mandatory rather than showing a warning.).


When our application was running in 6.3 one user got admin access when he had no AG assign to his user id. We want to handle this so that user should not get the admin access.


However in 7.3 we noticed a default access group PegaRULES:WorkUsers is assigned even though user has none in his operator ID. I feel this is better than providing admin access. But can we associate our own AG so that we can show a custom message to the user ?


Hope this gives you clarification.


Thanks,

Veera
Posted: 2 years ago
Posted: 6 Jul 2018 5:47 EDT
Veera Reddy Saddala (VeeraReddySaddala)
AI4Process
Veera Reddy Saddala
AI4Process
GB

Hi All,

I have tried updating the Code-Pega-Security.ApplicationProfileSetup activity to forcefully set an access group at run time. But no luck. I have updated the pyAccessgroup and pyAccessGroupsAdditional(1) value list but no luck.


Is there any way we can setup an access group to user at run time if he has no access groups assigned to him. Appreciate your help!


Thanks,


Veera
Posted: 2 years ago
Posted: 26 Nov 2018 3:59 EST
Joseph Tan (tanj1)
PEGA
Lead System Architect
Pegasystems Inc.
SG

Hi Veera,


If an operator is saved without any access group defined, it will default to the access group of the Organization he belongs to. E.g. Suppose the operator belongs to the organization MyOrg / Div /Unit, if no access group is defined, he will default to the access group defined in MyOrg (Data-Admin-Organization rule). 


You can thus set a basic access group under the organization rule which can be used by all users defined within the organization who do not have an access group in their operator id.


Regards,


Joseph Tan