Skip to main content

Restricting user actions for case attachments

Pega Community logo

Note: The following content, referenced from Pega Community, is included here to help you better achieve the module learning objectives.

Improve case security by ensuring that users can interact with content that is appropriate for their role only. When you define conditions or privileges in an attachment category, you control which actions a user can take on a case attachment.

For example, when working with a loan request case type, only a manager can access documents that contain customer's sensitive data.
Before you begin: Define attachment categories that your case type supports. For more information, see Categorizing case attachments.

Note: At run time, restricting actions works for attachments of file and URL types only.
  1. In the navigation pane of Dev Studio, click App.

  2. In the class of the case type that you want to configure, expand the Process section.

  3. Click Attachment Category, and then click the name of the attachment category that you want to configure.

  4. Identify the case attachments types that your attachment category supports:

    1. Click the Availability tab.

    2. Select the check box next to one or more relevant attachment types.

  5. On the Security tab, restrict user actions on the attachment types:

    Choices Actions
    Restrict user actions accordingly to a privilege
    1. In the Access control list by privilege section, in the Privilege field, enter a privilege that you want to use to grant user actions.

    2. Select a check box in one or more columns, based on the user operations that this privilege grants.

      For example: To allow users to delete attachments that they create, select the Delete own check box.
    3. To add more privileges and specify other actions for each privilege, click Add privilege, and then repeat steps 5.a and 5.b.

      Note: At run time, users with the specified privileges can perform actions that you assign to each privilege.
    Restrict user actions accordingly to a when condition
    1. In the Access control list by When Rule section, in the When field, enter a when condition that you want to use.

      For example: Select a when condition that at run time evaluates if a user belongs to a Managers access group.
    2. Select a check box in one or more columns, based on the user operations that this privilege grants.

      For example: To allow users to add attachments to a case, select the Create check box.
    3. To add more when conditions, click Add when, and then repeat steps 5.a and 5.b.

      Note: At run time, if a when condition evaluates to true, users can perform actions that you associate with the when condition.

    Note: The absence of a privilege or when condition does not automatically restrict a user operation. For example, if you define a condition that allows users to create attachments, ensure that you also define another condition that restricts editing, viewing, and deleting attachments.
  6. Optional:

    To allow users to choose which teams can access the attachments that the users provide, select the Enable attachment-level security check box.

  7. Click Save.

Note: A user can perform an action only when all the when conditions return a true value, the user belongs to the required team, and the user holds at least one of the required privileges.
Note: Grant a privilege to case workers who resolve cases that include create permissions for this attachment category. For more information, see Granting privileges to an access role.

  • Extension points and supporting rules for attachments

    You can use extension points, system settings, and standard rules to customize the processing that occurs when you add an attachment to a case. For example, you can scan an attachment for viruses.

  • Attachment types
  • Reviewing required attachments for stage entry

    Maximize efficiency and speed up the case resolution process by verifying that the user provides relevant information, such as documentation and correspondence, before a case enters the next stage.

  • Configuring and working with optional actions in case types

    Provide flexibility for your cases and ensure that case workers, such as customer service representatives, resolve cases that require optional and additional actions that supplement the standard path.

  • Creating a rule specialized by circumstance

    Create a rule specialized by circumstance to provide a variant of the rule that your application triggers only conditionally under specified conditions. By creating specialized or circumstance rules, you address dynamic business requirements without changing the core logic of your application.

If you are having problems with your training, please review the Pega Academy Support FAQs.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Academy has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice