Posted: 19 Feb 2019 8:44 EST Last activity: 3 Apr 2019 5:07 EDT
Dynamically updating .pxUserRoles Value List during ApplicationProfileSetup Activity
I am setting up the access model for my implementation and I would like to use the 'ApplicationProfileSetUp' activity to dynamically update the current users access roles by added access roles into the pxSecuritySnapshot.pxUserRoles.
This has worked so far but I wanted to ask the LSA community if there are other methods that I should be considering to allow an outside SOR to control role/permission of the operators?
Enterprise wide implementation with 50,000+ users. Application stack including single Framework, with 5 different applications built upon FW (1per development team, to allow for independant deployments), finally an 'envelop' application at the top that is built on the 5 development team applications. Cases: there will probably be 30+ case types with majority of code in the RS of the development team applications. Users: require different levels of access depending on case type, don't neatly fall into single worker, manager, roles as one will need to act as worker for one case type but may need to be manager level ofr a different case type.
For some background, I sent Roman a document that was put together a long time ago that describes how to dynamically set roles and privs using a outside source/attributes to drive the settings (attached). If there is a better/more efficient technique to achieve this end, we'd appreciate your sharing!
In our application we have similar usecase where we have some external system in which employees have to register against our application name with the applicable roles.
when we do Authentication using site minder, we make a call to that external system and bring all the roles mapped against our applicaiton. this is doing by customizing setupAuthenticationProfile activity. Once we get the roles, by using Decision table we map each role to some AccessRole in our pega application. Add all those Accessroles to pxsecuritysnapshot. using these accessroles to provide access to different functionalities in application based on the role registered in the external system.
Do you have any problems working with Standard agents?
As I understand, when the user authenticted the set of access roles contains roles from Access group and dynamically added Access roles.
When user queues a task for Standard agent, his Access group is provided to agent. But not whole security snapshot? When the agent will try to complete the task it can fail because of missing access roles in runtime.