
Configure an access group in Pega


Introduction

You may have come across websites that look different depending on the region you log in from.

A website in the US may look different from the same website in India.

Scenario:

  • You have created a new travel website and you are the admin.
  • When you log in to the website, you can update the portal, design and settings, and control the website.
  • When other people log in, they can only see the contents of the website. They cannot modify any of its settings, such as the theme.

Here, the only input we get is the login ID. From the login ID, we need to decide which application or which content to display to the user.

Also, imagine that the website hosts several applications such as games, news and chat. Based on your user ID registration, you can access different applications.

Now let us come to Pega. A Pega system can host multiple applications.

  • Say the Amazon organization opted to use Pega.
  • We implement different applications for different divisions.

Say there are 3 divisions in Amazon, each with its own application:

  1. Sales
  2. Service
  3. Marketing

A customer service representative (call center agent) needs to access their respective application.

This can be decided by the Pega Operator ID.

So when a user logs in to Pega, we need to determine which application he/she should have access to.

What is an Access group?

  • It is an authorization rule that determines which application an operator can access.
  • You can also specify which portal to display for the user.
  • Each access group can contain one or more access roles.

Think of an access role as a granular part of an access group. Access roles will be explained in the next lesson.

How does Pega authorization work?

  1. The Operator ID specifies an access group.
  2. The access group specifies one or more access roles.
  3. Each access role can specify one or more Access of Role to Object (ARO) rules.
  4. You can specify certain privileges on an Access of Role to Object.

Access of Role to Object – Objects here refer to class instances. It means controlling access to particular class instances.

How do we configure an access group?

  • An access group belongs to the Security category.

An access group can be created in one of the following ways:

  1. While creating a new application. You can preview and check those records.

  2. Manual creation – create a new access group.

The access group form contains 3 main tabs.

  1. Definition
  2. Advanced
  3. Operators

Definition tab

You can specify the application name, portal & access roles.

Application

Name – Specify the application name.

Version – Specify the application version.

Available portals

  • You can list the portal names here.

  • Only one portal will be active at a time.

As soon as the user logs in, this is the portal they see first.

Available roles

  • You can list the Access role names here.

  • One access group can contain multiple roles and the order is not significant.

Advanced tab

Work Pools – You can specify the work pools here.

Each class group can be called a work group.

Note: If this array is left empty, then the operator cannot CREATE any case.

Access Control

a) Authentication timeout – Specify the number of seconds after which the system challenges idle browser sessions to re-enter the password. This is for security purposes.

b) HTTP/HTTPS home directory – webwb. Keep it as default.

This is the directory which contains scripts, style sheets and images.

c) Rule security mode

  • This setting controls how rule security is enforced.
  • A rule can be secured by specifying a privilege on that rule, so that only users who hold that privilege can access the rule.

There are three rule security modes:

  1. Allow – This is the default mode.

Privilege specified in rule form – The rule is executed only when the user has the same privilege.

Privilege not specified in rule form – The rule is executed.

  2. Warn

Privilege specified in rule form – The rule is executed only when the user has the same privilege.

Privilege not specified in rule form – Pega checks whether the user has the privilege.

For example: a privilege is added in the ARO (Access of Role to Object) for the object ‘Rule-Obj-Activity’, and this ARO is associated with the user. That is, the privilege is added to the user's role but not to the rule form.

In this mode, Pega writes a warning message to the Pega logs but executes the rule.

  3. Deny

Privilege specified in rule form – The rule is executed only when the user has the same privilege.

Privilege not specified in rule form – Pega checks whether the user has the privilege. If yes, Pega writes the error message to the logs and denies execution of the rule.
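The authorization chain described earlier (operator ID → access group → access roles → ARO → privileges), together with the work pools note and the default Allow mode, can be sketched as a small model. This is an added example, not Pega code and not part of the original post. All operator, access group, role, class and privilege names are constructed, and matching an ARO on the exact class name is a simplifying assumption.

```python
from dataclasses import dataclass, field

@dataclass
class AccessGroup:
    application: str
    default_portal: str
    roles: list                      # access role names; order is not significant
    work_pools: list = field(default_factory=list)

# Constructed sample data; every name below is hypothetical.
# Access role -> {class name: privileges granted by that role's ARO}
AROS = {
    "Sales:User":    {"Org-Sales-Work": {"ViewOrder"}},
    "Sales:Manager": {"Org-Sales-Work": {"ApproveDiscount"}},
    "Service:User":  {"Org-Service-Work": {"ViewTicket"}},
}
ACCESS_GROUPS = {
    "Sales:Managers": AccessGroup("Sales", "Manager",
                                  ["Sales:User", "Sales:Manager"], ["Org-Sales-Work"]),
    "Service:Agents": AccessGroup("Service", "User", ["Service:User"]),  # no work pools
}
# "carol" points at an access group that does not exist.
OPERATORS = {"alice": "Sales:Managers", "bob": "Service:Agents", "carol": "Retired:Group"}

def access_group_of(operator_id):
    """Step 1: the operator ID names one access group (None if unresolvable)."""
    return ACCESS_GROUPS.get(OPERATORS.get(operator_id))

def privileges_for(operator_id, cls):
    """Steps 2-4: union the privileges from every role's ARO for this class."""
    group = access_group_of(operator_id)
    if group is None:
        return set()                 # fail closed: no access group, no privileges
    granted = set()
    for role in group.roles:
        granted |= AROS.get(role, {}).get(cls, set())
    return granted

def can_run_rule(operator_id, cls, required_privilege=None):
    """Allow mode: a rule naming a privilege runs only for holders of it."""
    if access_group_of(operator_id) is None:
        return False
    if required_privilege is None:
        return True                  # no privilege on the rule form
    return required_privilege in privileges_for(operator_id, cls)

def can_create_case(operator_id, work_pool):
    """An empty work pool list means the operator cannot create any case."""
    group = access_group_of(operator_id)
    return group is not None and work_pool in group.work_pools
```

The model covers only the default Allow mode. An operator whose access group cannot be resolved gets no privileges and cannot run or create anything.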

Run time – Configuration

a) Enable accessibility add-on

What is accessibility in Websites?

  • Pega supports accessibility so that people with disabilities can access the website equally.
  • Enable this for the particular access group that represents people with disabilities.
  • PegaWAI rulesets contain rules that provide accessibility features.

b) Enable offline support – This is a special feature of Pega Mobile. It enables users to access the Pega application on mobile without internet.

c) Production rulesets – You can specify rulesets that apply only to the users belonging to this access group.

Note: Rulesets added here are not part of the application. You cannot see these rulesets in the application rule form. At run time, these rulesets appear on top of the application rulesets.

Design Time Configuration

There may be business functionality where a manager or BA can create new rules from the user portal, for example reports. Managers can create new reports, which means that at the back end they create report definition rules and so on.

They may end up with an error if we don’t specify any ruleset under design time configuration.

a) Default destination ruleset – Ruleset name.

b) Version – Versioning number.

So when a user tries to create a new rule, Pega suggests this ruleset. You can create rules in this ruleset at run time.

Note: Remember to have the ruleset version unlocked.

Operators tab

It just lists all the operators that belong to this access group.

How do you check the access group of a particular operator?

1. Use the Tracer when you log in.

Usually we trace the process the operator performs after logging in to Pega. Let us now trace the requestor from the login page.

Step 1: Open the Pega site and wait on the login page.

Step 2: Open Pega using a different operator ID.

Step 3: Designer Studio -> System -> Operations -> SMA. Open the SMA.

Step 4: Open Requestor Management and select the requestor that starts with ‘H’, with Username – None and Application – pega application.

Step 5: Select the radio button and start the Tracer.

Step 6: Now log in using a valid operator ID.

Pega uses two activities to set up all the system pages for the operator.

Code-Security.InitialProfileSetup

Code-Security.ApplicationSetup

2. Check the clipboard.

You can verify the access group page under the system pages category.

We are at the end of this post.

We will dive deep into ‘Access role, ARO & privilege‘ (http://myknowpega.com/2017/05/15/67/) in the upcoming posts 🙂

  1. Rajesh C

    gud one, too much info at a single short….waiting for more

    • Premkumar G

      Thank you so much. Please subscribe and stay tuned for more posts.

  2. Reefa Khan

    i like very much about this page Carryon…

    • Premkumar G

      Thank you so much. Please subscribe and stay tuned for more posts.

  3. Bhavani.G

    It is very helpful to us, thanks for this

    • Premkumar G

      Thank you so much. Please subscribe and stay tuned for more posts.

  4. Navojit Ray

    I like this Post It’s pretty simple, well descriptive and very easy to understand with real life scenario

    • Premkumar G

      Thank you so much. Please subscribe and stay tuned for more posts.

  5. Amar

    Its very good article Prem

    • Premkumar G

      Thank you so much, Amar. Please subscribe and stay tuned for more posts.

  6. bhagiradha

    Good Explanation Prem

    Keep Posting

    • Premkumar G

      Thank you so much for your appreciation. Please subscribe and stay tuned for more posts.

  7. Podilapu

    Hi Prem,

    I’m going through all the articles in your blog. It's really impressive.

    Thank you

    • Premkumar G

      Thanks Podilapu. You can subscribe and stay tuned for new posts.

  8. Anand

    In AccessGroup, if the Rule Security Mode is ‘Deny’ &
    the privilege was NOT specified on rule form, Pega checks if the user has the privilege

    If NO, pega writes error message to the logs & deny rule execution

    But you had specified other way around. Please clarify

    • Premkumar G

      Hi Anand, thanks for pointing it out. Updated those lines. Thanks again 😊

  9. udhay

    Detailed explanation prem…Thanks for the post !!!

    • Premkumar G

      Thank you so much, Udhay 🙂 And welcome.
      Happy to hear that you like it. 🙂

  10. pradeep

    Hi Prem,

    More informative.
    Can we have a post on ruleset.

    • Premkumar G

      Hi Pradeep,
      Thank you for your kind words.
      Yeah Pradeep, sure. I’ve noted it down. I’ll try to post it soon. 🙂
      Stay tuned. 🙂

  11. Rupesh

    Hi Prem,

    Can you please clear the below queries.

    1)”Enable Access Add-on ” can you please explain this check box once again, here “people with disabilities” means what?

    2)In PegaWAI ruleset, what kind of rule it consists of? -> i just understood it contain the rule which provide access to people with disabilities.

    Thanks
    Rupesh M

    • Premkumar G

      Hi Rupesh,

      There are some standards, like everyone should be given equal rights in accessing an application.
      People with disabilities refers to blindness, low vision, hearing loss, photosensitivity etc.
      Pega provides the PegaWAI ruleset to support these special people to access the application with ease.
      For e.g., you can modify the skin to apply dark colors in the PegaWAI ruleset. This ruleset will then be added to the access group of people with color sensitivity disabilities.

      Please go through pega UI specialist course for more details.

  12. Pradeep

    Hi Prem,

    How can we restrict a ruleset to an operator?

  13. Mansur

    Hi,

    Please can you tell me the difference between application mode and validation mode?

  14. Muniraj

    Hi Kumar,

    Very nice! much appreciated for your time and effort for posting the details with screen shot and with example.

    can you please explain and post on harness rule?

    Thanks
    Muniraj

    • Premkumar G

      Hi Muniraj,

      Thank you so much for heartwarming appreciation. 😀
      Yeah Muniraj, many people have asked for it. I’ll post about it soon. Stay tuned. 🙂

      Regards,
      Premkumar G

  15. Sathish

    Each class group can be called as WorkGroup. Is this statement right? If so, please can you elaborate

    Thank you in Advance

  16. Srikka

    HI PREM,

    Great work PREM lot of useful info had been provided by your end.

    Even my friends are enjoying your posts a lot(they appreciate you because before they are unable to form info in a proper way, but now they are happy to get the right info.

    Regards,
    Srikka

  17. Srikka

    HI PREM,

    Great work PREM lot of useful info had been provided by your end.

    Even my friends are enjoying your posts a lot(they appreciate you because before they are unable to form info in a proper way, but now they are happy to get the right info).

    Regards,
    Srikka

  18. Hussain

    Hi Prem,

    It's a really nice explanation, appreciated your hard work in this. This blog is very helpful to gain the knowledge.
    Please post on security concepts like, LDAP and SSO.

    Thanks,
    Hussain

  19. ANITA

    Hi Kumar,

    Can you please explain more about work Pool

  20. Shashi

    I really enjoy and also get excited to learn from your posts …

    the way you explains the topics is really far better than videos and real time tutors

    • Premkumar G

      Thank you so much for your appreciation, Shashi. 🙂
      I’m feeling happy and motivated. 😀
      Thank you so much. 🙂

  21. khan

    Best place to learn Pega for new developers. We appreciate your effort and commitment to this blog. Can you post about rule Resolution when you get a chance.
    Thanks!
