Kensho Tsuchihashi (KenshoTsuchihashi)
Project Delivery Leader
Pegasystems Inc.
KenshoTsuchihashi Member since 2010 141 posts
Posted: March 3, 2017
Last activity: March 6, 2017
Posted: 3 Mar 2017 0:26 EST
Last activity: 6 Mar 2017 23:13 EST

Precedence of ARO


Scenario (1)

I have cloned Access Role Name (Rule-Access-Role-Name) from out-of-the-box role (PegaRULES:WorkMgr4) and there I had added our application specific Work class ARO (i.e. MyCo-MyApp-Work-PurchaseRequest class). When I give 0 or false by Access-When for this class ARO, user can NOT able to open an instance of this PurchaseRequest class. This behavior is expected.

Scenario (2)

Now, we are trying to segregate our application specific access role from out-of-the-box and I have taken out and created a new ARO which has only a row of MyCo-MyApp-Work-PurchaseRequest class. In an access group I gave this new access role plus PegaRULES:WorkMgr4 access role. My expectation is this works just the same as above scenario (1) but it is not. When I give 0 or false by Access-When for this class in new ARO, user is still able to open a work object of this class. I have not customized anything other than our PurchaseRequest work type class.

PegaRULES:WorkMgr4 access role name has full access 5 in Work- class but in my understanding, this Work- access control should be ignored because ARO has more specific PurchaseRequest work class. That is why I believe Scenario (1) is behaving like expectation. Why scenario (2) does not behave this like this? Having one access role and two access roles for the same definition make any difference? Am I missing anything?

***Updated by moderator: Lochan to add Categories***

Data Integration System Administration
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.