Skip to main content

Using RBAC to organize and manage access to case attachments


4 Tasks

30 mins

Visible to: All users
Intermediate Pega Platform 8.6 Security English
This content is now archived and is no longer updated. Progress is not calculated. Pega Cloud instances are disabled, and badges are no longer awarded. Click here to continue your progress in the latest version.


Applicants for an open position at TGB must submit a resume as part of the application process. To ensure the security of resumes attached to a candidate case, resumes must only be accessible by recruiters and HR members.

  • Create a privilege for the User and Recruiter. 
  • Apply privileges to respective access roles.
  • Create an attachment category to manage resumes.
  • Add attachment section in the user interface.

The following table provides the credentials you need to complete the challenge.

Role User name Password
Senior System Architect SSA@TGB rules
User User@TGB rules
Recruiter Recruiter@TGB rules
Note: Your practice environment may support the completion of multiple challenges. As a result, the configuration shown in the challenge walkthrough may not match your environment exactly.

Challenge Walkthrough

Detailed Tasks

1 Create a Privilege for User and Recruiter

  1. Login with user name SSA@TGB.
  2. In the header of Dev Studio, click Create > Security > Privilege to create the privilege.
  3. In the Label field, enter User.
  4. In the Context section, in the Apply to field, enter or select TGB-HRApps-Work-Candidate, and select the highest available unlocked ruleset version.
  5. Save the privilege.
  6. Repeat steps 2-5 to create a privilege named Recruiter.

2 Apply the privilege to the access role

  1. In the navigation pane of Dev Studio, click Records > Security > Access Role Name to open the instances of the Access Role Name.
  2. Click on HRApps:User to open the existing User access role. 
  3. Save a copy of the access role name into the highest available unlocked ruleset version.
  4. On the Role tab, click the Add a row icon to add a new access role.
  5. In the Add access Role Object window, in the Class field enter or select TGB-HRApps-Work-Candidate.
    Add Access role object class selection
  6. In the Access Controls section, enter 5 in all access controls fields.
    User access control
    Note: Entering 5 in all fields provides full access to the User access role.
  7. In the Privileges section, in the Name field enter or select the User privilege, and in the Level field enter 5.
    User access role privileges
  8. Click Save to save and dismiss the Add access Role Object window.
  9. Save and check in the Access Role. 
  10. Repeat steps 2-9  to add Recruiter privilege to the HRApps:Recruiter access role with the access control details as shown in the following image.
    recruiter access controls

3 Create Resume attachment category

  1. In the App Explorer, right-click Candidate and select Create > Process > Attachment Category.
  2. In the Label field, enter Resume.
  3. Click Create and open.
  4. On the Security tab, in the Access control list by privilege section, add the User and Recruiter privileges.
  5. In the User privilege row, select the Create, Edit, View, Delete own, and Delete any check boxes.
  6. In the Recruiter privilege row, select the View check box.
    Access control list privileges
  7. On the Availability tab, clear all check boxes and select the File check box.
    Category attachment types
  8. Click Save to save the attachment category.

4 Add attachment button to the user interface

  1. In the App Explorer, open the CollectProfessionalDetails_0 section.
  2. Save a copy of the section into the highest available unlocked ruleset version.
  3. Add a Dynamic layout under the Embedded section. 
  4. Add the Attach content control into the newly added dynamic layout.
  5. Next to Attach content, click the View properties icon to open the cell properties window.
  6. In the Cell Properties window, on the General tab, in the Button caption list, select Text.
  7. In the Text field, enter Attach Resume.
    Attach content cell properties
  8. Click Submit to save and dismiss the cell properties window.
  9. Save and check in your work.
  10. Verify that you have no checked out records.
    No checked out records

Confirm your work

  1. Log in with user name User@TGB and create a candidate case.
  2. Advance the case to the Collect Professional Details step.
  3. Click Attach Resume to open the attachment overlay.
  4. Select a sample resume file from your desktop.
  5. In the Category field, select Resume.
  6. Click Attach to attach the resume to the case.
    User Attach files view
  7. Save the candidate case ID to a text file for future reference.
  8. Click Submit to complete the Collect Professional Details step.
  9. Click Actions > Refresh to display attachments.
  10. In the Files & documents section, click the More icon and verify that Download and Delete options are displayed.
    User files and documents
  11. Advance the case past the Submission stage to route the case to the RecruitingWB work queue in the Conduct phone screen step.
  12. Log out from the user portal.
  13. Log in with user name Recruiter@TGB.
  14. On the dashboard of the user portal, click on the circle in the Case volume gadget to access open cases.
  15. Locate the case ID from step 7 and click it to open the case.
  16. In the Files & documents section, click the More icon and verify that only the Download option is displayed.
    Recruiter FIles and Documents

Available in the following mission:

We'd prefer it if you saw us at our best.

Pega Academy has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice