Skip to main content

Pega Robot Manager access groups and access roles

Access groups and access roles

Some users in your organization need access to run-time packages from Pega Robot Manager™, while others need access to publish and manage automation packages. There may be users who require access to reports only to analyze performance metrics. In Pega Robot Manager, access groups and access roles determine the permissions or system capabilities of each user in your Pega Platform application. A user can be associated with one or more access groups that identify the application. An access group has one or more access roles that define the permissions the user has in that application. 

Default access groups

Pega Robot Manager has four default access groups, each with a unique set of permissions intended to map to an expected user function. Each access group contains one or more roles that grant specific permissions. The following table lists the out-of-the-box access groups along with the corresponding roles generated when creating a new Pega Robot Manager application

Access Group Description Access Roles
Administrator Administrators can perform all actions in Pega Robot Manager. Only these users can deploy packages to the production deployment level.
  • PegaRULES:SysAdm4
  • PegaRULES:SecurityAdministrator
  • PegaRULES:PegaAPI
  • AutomationPackageManagement:Admin
  • PegaRobotManager:RobotRegistrator
Developer Developers can publish and manage automation packages.
  • PegaRULES:User4
  • AutomationPackageManagement:Developer
User Admin  User Administrators can manage run-time users and the organizational hierarchy.
  • PegaRULES:User4
  • AutomationPackageManagement:UserAdmin
Runtime User With attended robotic process automation (RPA), run-time users are case workers who fetch their automation package assignment from Pega Robot Manager. With unattended RPA, run-time users are Robots that process work from assignment types.
  • PegaRULES:User4
  • PegaRULES:PegaAPI
  • AutomationPackageManagement:RuntimeUser
Note: These access groups are a sample proposal. The actual access groups used must be defined and driven by specific business requirements. 

Access group modification

You may want to create additional access groups or update existing ones beyond what is provided out of the box, giving you a more tailored set of permissions for users. For example, you may wish to create an access group for provisioning and registering robots without granting full access to the Pega Robot Manager portal. Another use case is to grant user access to reports in Pega Robot Manager but restrict other functionality. You can add a new or update an existing access group with the desired set of access roles to create the appropriate set of permissions.

The following table displays the relevant roles for Pega Robot Manager.

Access Role Description

PegaRobotManager:RobotRegistrator
PegaRULES:PegaAPI

both roles combined grant permission to provision and register robots but does not permit access to the Robot Manager portal

PegaRobotManager:ReportUser grants permission to view reports in the Robot Manager portal
PegaRobotManager:ReportWriter same permission as ReportUser role plus access to create and update reports
PegaRobotManager:ReportAdmin same permission as ReportWriter role plus access to update report settings and categories

You can update the access roles list on the access group definition in Dev Studio. The order of roles is irrelevant unless you enable the Stop access checking once a relevant Access of Role to Object instance explicitly denies or grants access check box. Enabling this option causes Pega Platform to search for the necessary access based on the access role list order and stops as soon as access is explicitly granted or denied. By placing the AutomationPackageManagement access role in the first position, you can ensure that access is granted and the other access roles are not evaluated. 

robot access group options

Addition of users

Once the list of access groups are defined, you can add users to the application by using the Pega Robot Manager portal. Associate each user to the desired access group using the role drop-down list.

PRM Access group
Robot Manager add user
 

This Topic is available in the following Module:

If you are having problems with your training, please review the Pega Academy Support FAQs.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Academy has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice