Access control
Access Manager
Pega Platform™ provides Access Manager to simplify the configuration of security records. Access Manager presents you with an easy-to-use interface for managing application security. With Access Manager, developers can quickly set or remove permissions for basic tasks, such as creating a case, deleting a case, or running reports. You set permissions for the access roles associated with a particular access group.
When an access group lists more than one role, Pega Platform applies the most permissive setting across all the listed roles. For example, the Manager role has permission to run reports, but the User role does not. If the Manager access group includes both the Manager and User roles, then all members of the access group can run reports.
User access varied by system type
During development, you may want to give users more permissive access control to support debugging. On a production system, however, you want access control to be more restrictive. You grant permissions on a 1-5 scale, where the value corresponds to a possible production level, as seen in the following table. Specify a value of 0 to deny the action. If the production level of the system matches or is less than the value assigned to the specific permission, then the user is granted permission to perform the action.
For example, you assign a value of 2 to the Clipboard permission for the Manager role. This allows a user who is assigned the Manager role to access the Clipboard on a Development (2) system, but not on a Production (5) system. This avoids the need to reset permissions when migrating an application throughout the development or release cycle.
Production level | Description |
---|---|
5 | Production system |
4 | Preproduction system |
3 | Testing system |
2 | Development system |
1 | Experimental system |
When you update an access control setting in the Access Manager, Pega Platform updates the Access of Role to Object or Access Deny records with a value of either 0 or 5. Access these records directly to specify access control levels other than 0 or 5. The Access Manager indicates the access level on the current system. For example, you set the access control level to 2 for Authors to delete instances of a case type. On a development system, the Access Manager indicates Full Access. On a production system, the Access Manager indicates No Access.
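The production-level rule and the most-permissive-role rule described above can be modelled in a few lines to check which permissions an access group keeps on a production system. This is an added example, not Pega Platform code; the action names, the sample permission values, and the treatment of a missing entry as 0 are assumptions.

```python
# Added illustration: a model of the rule described above, not Pega Platform code.
# Role names, action names and values below are constructed sample data.

PRODUCTION_LEVELS = {1: "Experimental", 2: "Development", 3: "Testing",
                     4: "Preproduction", 5: "Production"}

# role -> action -> permission value (0 denies, 1-5 = highest level still granted)
SAMPLE_PERMISSIONS = {
    "Manager": {"run_reports": 5, "clipboard": 2},
    "User": {"run_reports": 0, "clipboard": 0, "create_case": 5},
    "Author": {"delete_case": 2},
}


def role_grants(value, system_level):
    """One role's setting: 0 denies, otherwise grant when the system's
    production level matches or is less than the permission value."""
    if value not in range(0, 6):
        raise ValueError(f"permission value must be 0-5, got {value!r}")
    if system_level not in PRODUCTION_LEVELS:
        raise ValueError(f"production level must be 1-5, got {system_level!r}")
    return value != 0 and system_level <= value


def group_grants(roles, permissions, action, system_level):
    """Access group: the most permissive setting across its roles wins.
    Assumption: a role with no entry for the action contributes 0."""
    return any(role_grants(permissions.get(role, {}).get(action, 0), system_level)
               for role in roles)


def access_by_level(roles, permissions, action):
    """Label the group's access to one action on each system type."""
    return {level: "Full Access" if group_grants(roles, permissions, action, level)
            else "No Access" for level in PRODUCTION_LEVELS}


def granted_on_production(roles, permissions):
    """Actions the group can still perform on a Production (5) system."""
    actions = {a for role in roles for a in permissions.get(role, {})}
    return sorted(a for a in actions if group_grants(roles, permissions, a, 5))


if __name__ == "__main__":
    group = ["Manager", "User"]
    print(granted_on_production(group, SAMPLE_PERMISSIONS))
    print(access_by_level(["Author"], SAMPLE_PERMISSIONS, "delete_case"))
```

Running `granted_on_production` over each access group before a migration shows which permissions carry through to production, and `access_by_level` shows where a lower value such as 2 stops applying.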