Skip to main content

Using RBAC to organize and manage access to case attachments

4 Tasks

30 mins

Visible to: All users
Intermediate Pega Platform '23 Security English


Applicants for an open position at TGB must submit a resume as part of the application process. To ensure the security of resumes attached to a candidate Case, resumes must only be accessible by recruiters and HR members.

  • Create a privilege for the User and Recruiter. 
  • Apply privileges to respective Access Roles.
  • Create an attachment category to manage resumes.
  • Add attachment Section in the user interface.

The following table provides the credentials you need to complete the challenge.

Role User name Password
Senior System Architect SSA@TGB pega123!
User User@TGB pega123!
Recruiter Recruiter@TGB pega123!
Note: Your practice environment may support the completion of multiple challenges. As a result, the configuration shown in the challenge walkthrough may not match your environment exactly.

You must initiate your own Pega instance to complete this Challenge.

Initialization may take up to 5 minutes so please be patient.

Challenge Walkthrough

Detailed Tasks

1 Create a Privilege for User and Recruiter

  1. In the Pega instance for the challenge, enter the following credentials:
    1. In the User name field, enter SSA@TGB.
    2. In the Password field, enter pega123!.
  2. In the header of Dev Studio, click Create > Security > Privilege to create the privilege.
  3. In the Label field, enter User.
  4. In the Context section, in the Apply to field, enter or select TGB-HRApps-Work-Candidate, and select the highest available unlocked Ruleset version.
  5. Save the privilege.
  6. Repeat steps 2-5 to create a privilege named Recruiter.

2 Apply the privilege to the Access Role

  1. In the navigation pane of Dev Studio, click Records > Security > Access Role Name to open the instances of the Access Role Name.
  2. Click on HRApps:User to open the existing User Access Role. 
  3. Save a copy of the Access Role name into the highest available unlocked Ruleset version.
  4. On the Role tab, click the Add a row icon to add a new Access Role.
  5. In the Add Access Role Object window, in the Class field enter or select TGB-HRApps-Work-Candidate.
    Add Access role object class selection
  6. In the Access Controls section, enter 5 in all access controls fields.
    User access control
    Note: Entering 5 in all fields provides full access to the User access Role.
  7. In the Privileges section, in the Name field enter or select the User privilege, and in the Level field enter 5.
    User access role privileges
  8. Click Save to save and dismiss the Add Access Role Object window.
  9. Save and check in the Access Role. 
  10. Repeat steps 2-9 to add Recruiter privilege to the HRApps:Recruiter Access Role with the access control details as shown in the following image or table.
    Fields Values
    Read instances 5
    Write instances 5
    Delete instances 0
    Read rules 5
    Write rules 0
    Delete rules 0
    Execute reports 5
    Execute activities 5
    Name Recruiter
    Level 5
    recruiter access controls

3 Create Resume attachment category

  1. In the App Explorer, right-click Candidate and select Create > Process > Attachment Category.
  2. In the Label field, enter Resume.
  3. Click Create and open.
  4. On the Security tab, in the Access control list by privilege section, add the User and Recruiter privileges.
  5. In the User privilege row, select the Create, Edit, View, Delete own, and Delete any check boxes.
  6. In the Recruiter privilege row, select the View check box.
    Access control list privileges
  7. On the Availability tab, clear all check boxes and select the File check box.
    Category attachment types
  8. Click Save to save the attachment category.

4 Add attachment button to the user interface

  1. In the App Explorer, open the CollectProfessionalDetails_0 Section.
  2. Save a copy of the Section into the highest available unlocked Ruleset version.
  3. Add a Dynamic layout under the Embedded Section. 
  4. Add the Attach content control into the newly added dynamic layout.
  5. Next to Attach content, click the View properties icon to open the cell properties window.
  6. In the Cell Properties window, on the General tab, in the Button caption list, select Text.
  7. In the Text field, enter Attach Resume.
    Attach content cell properties
  8. Click Submit to save and dismiss the cell properties window.
  9. Save and check in your work.
  10. Verify that you have no checked out records.
    No checked out records

Confirm your work

  1. Log off as SSA@TGB and enter the following credentials:
    1. In the User name field, enter User@TGB.
    2. In the Password field, enter pega123!.
  2. Advance the Case to the Collect Professional Details Step.
  3. Click Attach Resume to open the attachment overlay.
  4. Select a sample resume file from your desktop.
  5. In the Category field, select Resume.
  6. Click Attach to attach the resume to the case.
    User Attach files view
  7. Click Submit to complete the Collect Professional Details Step.
  8. Progress through the Collect Education Details and Collect Work Sample Steps.
  9. In the Files & documents section, click the More icon and verify that Download and Delete options are displayed.
    User files and documents
  10. Advance the Case past the Submission Stage to route the Case to the RecruitingWB Work Queue in the Conduct phone screen Step.
  11. Note the candidate Case ID for future reference.
  12. Log out of the Pega instance for this challenge.
  13. In the Pega instance for this challenge, enter the following credentials:
    1. In the User name field, enter Recruiter@TGB.
    2. In the Password field, enter pega123!.
  14. On the Dashboard of the User Portal, click on the circle in the Case volume gadget to access open Cases.
  15. Locate the Case ID from step 7 and click it to open the Case.
  16. In the Files & documents section, click the More icon and verify that only the Download option is displayed.
    Recruiter FIles and Documents

This Challenge is to practice what you learned in the following Module:

Available in the following mission:

If you are having problems with your training, please review the Pega Academy Support FAQs.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Academy has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice