Thank you for the reply. Usually we use privileges to restrict a particular rule such as a flow, flow action, button, etc.
I have 2 access groups, Manager and User, and 2 access roles, Manager and User, one for each. I created two Access Role to Object rules for the "TGB-HRApps-Work-BenefitsEnrollment" class, one for each access role, and set 5 for Read, Write and all the remaining conditions. So there is no difference here between the two access roles.
So here we have the Manager and User access groups, the User and Manager access roles, and two Access Role to Object rules, one for the Manager access role and one for the User access role.
So, for the above configuration, both users can only open the work items assigned to them. If they try to open a work item assigned to another person,
they get "You are not authorized to perform this assignment."
So, this is expected.
Now I made a small configuration change: I created a new privilege named "Perform" on the "TGB-HRApps-Work-BenefitsEnrollment" class, added it to the Manager access role and gave it the value 5. After this change the Manager is able to access the cases assigned to the other user (User) as well, and is able to submit them.
But my question is: how is this possible, and how is the Perform privilege allowing the Manager to submit other users' cases?
Is Perform a Pega OOTB privilege, and does it behave like that?
As per my knowledge, privileges are meant for restricting a single rule such as a flow, report definition, etc. Access roles which have that privilege can access the rule; otherwise they won't.
Please clarify: how is the Perform privilege allowing the update?