Question
Restrict users from modifying access roles
I would like to restrict certain end users from modifying operator IDs, access groups and access roles.
For the first two, I am able to achieve it by setting up the AROs as below:
However I am not sure how to restrict for access roles. I tried modifying the ARO under Rule-Access-Role-Name and Rule-Access-Role-Obj but it didn't work. Can anyone advise on the correct class?
***Edited by Moderator: Pallavi to update platform capability tags***
Thanks, I'm trying that. I already set the Write/Delete access controls of Rule-Access-Role-Obj to 0 in the clone of the SysAdm4 access role. However in another access role that the operator has, the Write/Delete access controls of Rule-Access-Role-Obj is set to pzModifiedAllowed or 5. Is there a way to make the ARO in SysAdm4 take precedence? Or do I really have to modify the other access role as well (ie. set Write/Delete to 0).
Update: I modified the access controls for Rule-Access-Role-Obj in the other Access Role and already set it to 0, yet the user is still able to modify access roles. Am I missing something?
Hi
As you have mentioned there are multiple ARO's , then yes the behaviour is correct. It doesn't really matter if you just clone one.
Not sure if there is a way to make one role take precedence.
One question here is , how do the end users update the Operator ID ? Have you created a customized UI or any other thing? May be we can see if there is any other way to achieve this which is less cumbersome than updating all the ARO's.
Regards
Bhavya
Hi
Most of the privileges are part of PegaRULES:SysAdm4 Access Role. You can refer that and create a new role by saving as that and updating the Access classes as required,
Regards
Bhavya