Check if there is a better solution to the DEFAULT ACCESS GROUP problem
Hello,
We have an operator X who has many access groups and only one access group set to be the default.
When operator X is on the application of the default access groups, running REST service calls succeeds.
However when operator X is on the application of any access groups he/she has access to, BUT not the default access group, running REST service calls fails !
We came up with the following solution:
change the default access group according to the application we are using and it worked.
My question is:
Is there a more relevant solution ???
Thank you in advance
Mariane
Message was edited by: Lochan to add Category
Perficient
US
Is the operator a service operator or an end user? Can you clarify what you mean by "make calls"?
Murex
LB
The operator is defined under Org &s Security-> Organization -> Operators.
Let me please reformulate my sentence:
When operator X is on the application of the default access groups, running REST service calls succeeds.
However when operator X is on the application of any access groups he/she has access to, BUT not the default access group, running REST service calls fails !
Please let me know if you need more clarification.
Thank you
Mariane
Murex
LB
Please note that I have seen in a similar issue, it was suggested to apply HFix-27500 to solve the problem. Do you believe applying this hot fix can be a solution to my problem ?
PEG
PL
The hotfix has to do with localization. I dont think this hotfix will work. Anyways you could give it a try. From where you got the suggestion to apply hfix?
Murex
LB
Thank you, I got it from this link:
Since the resolution was to either perform a local change by setting the application that requires translations to be the operator default or apply the hot fix, I assumed that the hot fix had to do with the operators and default access groups.
Thank you for your answer
Cognizant
US
Hi Mariane
How do we know if a specific operator want to login with a specific default access group (from a list of access groups) at time of login? Are you passing it as a param during the login?
"change the default access group according to the application we are using and it worked."
As per my understanding, Application is related to a access group but not vice versa. Could you please elaborate how you are setting a default access group based on application. I am trying to understand how do we know what application I need to access during login?
Thanks
Sam
Murex
LB
I am using the user (operator) for authentication only, and that operator has many access groups and one default access group.
Let me please reformulate my sentences:
When operator X is on the application of the default access groups, running REST service calls succeeds.
However when operator X is on the application of any access groups he/she has access to, BUT not the default access group, running REST service calls fails !
Please let me know if you need more clarification.
Note that I have seen in a similar issue, it was suggested to apply HFix-27500 to solve the problem. Do you believe applying this hot fix can be a solution to my problem ?
Thank you
Mariane
Perficient
US
For what it's worth, this article (https://docs.pega.com/devops-release-pipeline-overview/running-all-data-page-unit-test-cases-execute-tests-service-pega-721) on Pega 7.2.1 mentions an optional Access Group parameter to switch the operator context to a non-default access group. I've seen this functionality in other OOTB code as well (EstablishContext in System-Queue-ServiceLevel, for example). It's possible that you could build similar functionality into your own REST activity and allow the operator to specify the access group context under which he/she runs the service.
Murex
LB
Thank you Chad for the link. It was very helpful
I have a followup question. I am passing an access group in the URL as a parameter (it is not the default one but it is one of the access groups the operator has access to).
It is not generating a Bad Request but it is still taking the default access group and not the one passed in the URL.
(I also tried adding the accessgroup in the HTTP Headers and not just in the URL and it is still taking the default access group).
Any ideas of why this is happening ?
Thank you in advance for your help
Mariane
Pegasystems Inc.
IN
-
below is the line of code which helps in switching the access group specified at operator ID rule form.
- ((com.pega.pegarules.priv.authorization.PegaAuthorization)prtRef.getAuthorization()).setActiveAccessGroup(prtRef, targetAG,true);
- please refer step#9 of RULE-OBJ-ACTIVITY CODE-PEGA-LIST PZVALIDATEINPUTS [Pega-AutoTest:07-10-25]
- OR
- please refer step#9 of RULE-OBJ-ACTIVITY CODE-PEGA-LIST PZVALIDATEINPUTS [Pega-AutoTest:07-10-25]
- step #6 in RULE-OBJ-ACTIVITY @BASECLASS REDIRECTANDRUN
- ((com.pega.pegarules.priv.authorization.PegaAuthorization)prtRef.getAuthorization()).setActiveAccessGroup(prtRef, sAccessGroupName,bAllowAccess);
- bAllowAccess parameter should be passed as 'true'
- ((com.pega.pegarules.priv.authorization.PegaAuthorization)prtRef.getAuthorization()).setActiveAccessGroup(prtRef, sAccessGroupName,bAllowAccess);
- ((com.pega.pegarules.priv.authorization.PegaAuthorization)prtRef.getAuthorization()).setActiveAccessGroup(prtRef, targetAG,true);