Question

2
Replies
333
Views
TSUCK Member since 2010 126 posts
PEGA
Posted: March 3, 2017
Last activity: March 6, 2017
Closed
Solved

Precedence of ARO

Hi,

Scenario (1)

I have cloned Access Role Name (Rule-Access-Role-Name) from out-of-the-box role (PegaRULES:WorkMgr4) and there I had added our application specific Work class ARO (i.e. MyCo-MyApp-Work-PurchaseRequest class). When I give 0 or false by Access-When for this class ARO, user can NOT able to open an instance of this PurchaseRequest class. This behavior is expected.

Scenario (2)

Now, we are trying to segregate our application specific access role from out-of-the-box and I have taken out and created a new ARO which has only a row of MyCo-MyApp-Work-PurchaseRequest class. In an access group I gave this new access role plus PegaRULES:WorkMgr4 access role. My expectation is this works just the same as above scenario (1) but it is not. When I give 0 or false by Access-When for this class in new ARO, user is still able to open a work object of this class. I have not customized anything other than our PurchaseRequest work type class.

PegaRULES:WorkMgr4 access role name has full access 5 in Work- class but in my understanding, this Work- access control should be ignored because ARO has more specific PurchaseRequest work class. That is why I believe Scenario (1) is behaving like expectation. Why scenario (2) does not behave this like this? Having one access role and two access roles for the same definition make any difference? Am I missing anything?

***Updated by moderator: Lochan to add Categories***

Data Integration System Administration
Moderation Team has archived post
Share this page LinkedIn