Posted: November 7, 2016
Last activity: November 8, 2016
Closed
Current user is not authorized for privilege 'pxViewLimitedForm' for Rule-Obj-Class Data-Admin-Operator-ID.
Users with PegaRULES:SysAdm4 role are unable to open any Operator ID instance. This Pega role has not been modified. In tracer, while opening the rule, there is an Event Type of Access Denied where the step shows - Current user is not authorized for privilege 'pxViewLimitedForm' for Rule-Obj-Class Data-Admin-Operator-ID.
Getting the below error.
I looked at a typical usage of the pxViewLimitedForm privilege, namely the post condition of step 9 of the WBOpen activity. Here's a picture of it:
That example shows that if the user holds pxViewLimitedForm, then fine, but if not, then other privileges are checked. For instance, notice it then checks UpdateLimitedForm, and if the user doesn't hold that privilege either, then it looks at the OpenDeveloperForm.
I then looked at the PegaRULES:SysAdm4 role, and it does NOT have pxViewLimitedForm and does NOT have UpdateLimitedForm, but it DOES have OpenDeveloperForm.
If you log in as one user who is not able to open operator ID instances, try logging in as administrator@pega.com and see if you can open the operator ID instances from there. If so, trace both, starting with a high altitude, and compare to see where the traces differ. By high altitude, I mean, do something like trace activity entrances and exits, and not all the individual activity steps and when-rules, so you have shorter traces to compare.
Once you see where the traces differ, you can compare lower altitude traces since you will know which activity the traces deviate from each other in. /Eric