Skip to main content
This content is now archived and is no longer updated. Progress is not calculated. Pega Cloud instances are disabled, and badges are no longer awarded. Click here to continue your progress in the latest version.

Access control

Access Manager

Pega Platform™ provides Access Manager to simplify the configuration of security records. Access Manager presents you with an easy-to-use interface for managing application security. With Access Manager, developers can quickly set or remove permissions for basic tasks, such as creating a case, deleting a case, or running reports. You set permissions for the access roles associated with a particular access group.

When an access group lists more than one role, Pega Platform applies the most permissive setting across all the listed roles. For example, the Manager role has permission to run reports, but the User role does not. If the Manager access group includes both the Manager and User roles, then all members of the access group can run reports.

In the following image, click the + icons to learn more about the Access Manager.

User access varied by system type

During development, you may want to configure more permissive access control to users to support debugging. However, you want to configure more restrictive access control on a production system. You grant permissions on a 1-5 scale, where the value corresponds to a possible production level, as seen in the following table. Specify a value of 0 to deny the action. If the production level of the system matches or is less than the value assigned to the specific permission, then the user is granted permission to perform the action.

For example, you assign a value of 2 to the Clipboard permission for the Manager role. This allows a user who is assigned the Manager role to access the Clipboard on a Development (2) system, but not on a Production (5) system. This avoids the need to reset permissions when migrating an application throughout the development or release cycle.

Production level Description
5 Production system
4 Preproduction system
3 Testing system
2 Development system
1 Experimental system

When you update an access control setting in the Access Manager, Pega Platform updates the Access of Role to Object or Access Deny records with a value of either 0 or 5. Access these records directly to specify access control levels other than 0 or 5. The Access Manager indicates the access level on the current system. For example, you set the access control level to 2 for Authors to delete instances of a case type. On a development system, the Access Manager indicates Full Access. On a production system, the Access Manager indicates No Access.

Note: Access of Role to Object and Access Deny records are covered in more detail in an advanced topic.

Check your knowledge with the following interaction.

This Topic is available in the following Module:

We'd prefer it if you saw us at our best.

Pega Academy has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice