Question
Last activity: 1 Jul 2016 13:25 EDT
Check if there is a better solution to the DEFAULT ACCESS GROUP problem
Hello,
We have an operator X who has many access groups and only one access group set to be the default.
When operator X is on the application of the default access groups, running REST service calls succeeds.
However when operator X is on the application of any access groups he/she has access to, BUT not the default access group, running REST service calls fails !
We came up with the following solution:
change the default access group according to the application we are using and it worked.
My question is:
Is there a more relevant solution ???
Thank you in advance
Mariane
Message was edited by: Lochan to add Category
The operator is defined under Org &s Security-> Organization -> Operators.
Let me please reformulate my sentence:
When operator X is on the application of the default access groups, running REST service calls succeeds.
However when operator X is on the application of any access groups he/she has access to, BUT not the default access group, running REST service calls fails !
Please let me know if you need more clarification.
Thank you
Mariane
Please note that I have seen in a similar issue, it was suggested to apply HFix-27500 to solve the problem. Do you believe applying this hot fix can be a solution to my problem ?
The hotfix has to do with localization. I dont think this hotfix will work. Anyways you could give it a try. From where you got the suggestion to apply hfix?
Thank you, I got it from this link:
https://pdn.pega.com/support-articles/localization-tool-can-only-translate-default-application
Since the resolution was to either perform a local change by setting the application that requires translations to be the operator default or apply the hot fix, I assumed that the hot fix had to do with the operators and default access groups.
Thank you for your answer
Hi Mariane
How do we know if a specific operator want to login with a specific default access group (from a list of access groups) at time of login? Are you passing it as a param during the login?
"change the default access group according to the application we are using and it worked."
As per my understanding, Application is related to a access group but not vice versa. Could you please elaborate how you are setting a default access group based on application. I am trying to understand how do we know what application I need to access during login?
Thanks
Sam
I am using the user (operator) for authentication only, and that operator has many access groups and one default access group.
Let me please reformulate my sentences:
When operator X is on the application of the default access groups, running REST service calls succeeds.
However when operator X is on the application of any access groups he/she has access to, BUT not the default access group, running REST service calls fails !
Please let me know if you need more clarification.
Note that I have seen in a similar issue, it was suggested to apply HFix-27500 to solve the problem. Do you believe applying this hot fix can be a solution to my problem ?
Thank you
Mariane
For what it's worth, this article (https://pdn.pega.com/running-all-data-page-unit-test-cases-execute-tests-service/running-all-data-page-unit-test-cases) on Pega 7.2.1 mentions an optional Access Group parameter to switch the operator context to a non-default access group. I've seen this functionality in other OOTB code as well (EstablishContext in System-Queue-ServiceLevel, for example). It's possible that you could build similar functionality into your own REST activity and allow the operator to specify the access group context under which he/she runs the service.
Thank you Chad for the link. It was very helpful
I have a followup question. I am passing an access group in the URL as a parameter (it is not the default one but it is one of the access groups the operator has access to).
It is not generating a Bad Request but it is still taking the default access group and not the one passed in the URL.
(I also tried adding the accessgroup in the HTTP Headers and not just in the URL and it is still taking the default access group).
Any ideas of why this is happening ?
Thank you in advance for your help
Mariane


Pegasystems Inc.
IN
- below is the line of code which helps in switching the access group specified at operator ID rule form.
- ((com.pega.pegarules.priv.authorization.PegaAuthorization)prtRef.getAuthorization()).setActiveAccessGroup(prtRef, targetAG,true);
- please refer step#9 of RULE-OBJ-ACTIVITY CODE-PEGA-LIST PZVALIDATEINPUTS [Pega-AutoTest:07-10-25]
- OR
- please refer step#9 of RULE-OBJ-ACTIVITY CODE-PEGA-LIST PZVALIDATEINPUTS [Pega-AutoTest:07-10-25]
- step #6 in RULE-OBJ-ACTIVITY @BASECLASS REDIRECTANDRUN
- ((com.pega.pegarules.priv.authorization.PegaAuthorization)prtRef.getAuthorization()).setActiveAccessGroup(prtRef, sAccessGroupName,bAllowAccess);
- bAllowAccess parameter should be passed as 'true'
- ((com.pega.pegarules.priv.authorization.PegaAuthorization)prtRef.getAuthorization()).setActiveAccessGroup(prtRef, sAccessGroupName,bAllowAccess);
- ((com.pega.pegarules.priv.authorization.PegaAuthorization)prtRef.getAuthorization()).setActiveAccessGroup(prtRef, targetAG,true);
Is the operator a service operator or an end user? Can you clarify what you mean by "make calls"?