Posted: 9 Aug 2017 9:29 EDT Last activity: 21 Aug 2017 4:50 EDT
[URGENT] Case dependency, data propagation and access management
I have a customer use case with wait shape configured with case dependency waiting for all created cild cases to be completed to continue.
We have implemented an option of confidential case in order limit the access to parent case especially for users working on its child cases.
The issue is that if the case is set as confidential, the user performing the sub case can't complete his case and he is getting the message:
** You are not authorized to open instance XXNameOfTheParentInstanceXX
Which is normal as per the the access manger configuration.
But the access is needed, for the code executed to propagate child data to parent (using an activity that open the parent work objectand set properties on it) and to let wait shape dependency work correctly.
So the question is, could we differentiate user access on portals and code executed by user when running sub cases ?
A quick response is very welcome !
***Edited by Moderator Marissa to update categories***
This is a very common problem for Parent-Child dependency network. If you have added Access role to object then Pega won't allow user to update parent case on completion of child case. This is as per Pega OOTB security. What is the value of pxRequestor when your activity is being executed to update parent? Is it via agent?
In this situation I have used access when in the flow action rule to restrict user to access the parent case through portal. Also you have option to restrict access of workbasket as well. Alternative approach only :)