Pega Robot Manager access groups and access roles
Access groups and access roles
Some users in your organization need access to run-time packages from Pega Robot Manager™, while others need access to publish and manage automation packages. There may be users who require access to reports only to analyze performance metrics. In Pega Robot Manager, access groups and access roles determine the permissions or system capabilities of each user in your Pega Platform™ application. A user can be associated with one or more access groups that identify the application. An access group has one or more access roles that define the permissions the user has in that application.
Default access groups
Pega Robot Manager has four default access groups, each with a unique set of permissions intended to map to an expected user function. Each access group contains one or more roles that grant specific permissions. The following table lists the out-of-the-box access groups along with the corresponding roles generated when creating a new Pega Robot Manager application.
|Access Group||Description||Access Roles|
|Administrator||Administrators can perform all actions in Pega Robot Manager. Only these users can deploy packages to the production deployment level.||
|Developer||Developers can publish and manage automation packages.||
|User Admin||User Administrators can manage run-time users and the organizational hierarchy.||
|Runtime User||With attended robotic process automation (RPA), run-time users are case workers who fetch their automation package assignment from Pega Robot Manager. With unattended RPA, run-time users are Robots that process work from assignment types.||
Note: These access groups are a sample proposal. The actual access groups used must be defined and driven by specific business requirements.
Access group modification
You may want to create additional access groups or update existing ones beyond what is provided out of the box, giving you a more tailored set of permissions for users. For example, you may wish to create an access group for provisioning and registering robots without granting full access to the Pega Robot Manager portal. Another use case is to grant user access to reports in Pega Robot Manager but restrict other functionality. You can add a new or update an existing access group with the desired set of access roles to create the appropriate set of permissions.
The following table displays the relevant roles for Pega Robot Manager.
both roles combined grant permission to provision and register robots but does not permit access to the Robot Manager portal
|PegaRobotManager:ReportUser||grants permission to view reports in the Robot Manager portal|
|PegaRobotManager:ReportWriter||same permission as ReportUser role plus access to create and update reports|
|PegaRobotManager:ReportAdmin||same permission as ReportWriter role plus access to update report settings and categories|
You can update the access roles list on the access group definition in Dev Studio. The order of roles is irrelevant unless you enable the Stop access checking once a relevant Access of Role to Object instance explicitly denies or grants access check box. Enabling this option causes Pega Platform to search for the necessary access based on the access role list order and stops as soon as access is explicitly granted or denied. By placing the AutomationPackageManagement access role in the first position, you can ensure that access is granted and the other access roles are not evaluated.
Addition of users
Once the list of access groups are defined, you can add users to the application by using the Pega Robot Manager portal. Associate each user to the desired access group using the role drop-down list.