Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Jonathan Edwards (edwaj)
PEGA
Senior System Architect
Pegasystems Inc.
AU
edwaj Member since 2012 6 posts
PEGA
Posted: Dec 20, 2017
Last activity: Dec 21, 2017
Posted: 20 Dec 2017 23:02 EST
Last activity: 21 Dec 2017 15:08 EST
Closed

Authorization - Send Email Smart Shape Attachment Security

Hi All,

I would like to add a Send Email smart shape to a flow rule, and specify an Attachment Category to include an attachment in the outbound email. There are many paths that lead to the execution of the Send Email smart shape; the shape may be executed after completion of an assignment, or after a wait shape has expired for example.

Up until this point the configuration is relatively simple and all is well. Until we apply security constraints...

To restrict access to the attachment, the Attachment Category rule security tab is updated; the "Access control list by privilege" is configured to grant varying levels of access to six different user types.

At run-time, when the Send Email smart shape is executed, an error occurs: "You are not authorized to open instance DATA-WORKATTACH-FILE". I suspect that this is because the Send Email shape is executed by a requestor that does not have a privilege defined in the "Access control list by privilege" section of the Attachment Category rule.

My question is, how can we configure our application to generate the email notification (with the attachment) in this type of scenario? e.g. the authorization settings of the user that performed the previous step, should not impact generation of the email notification with the attachment.

Thank you in advance for your help.

Jonathan

To see attachments, please log in.
Case Management
Security

Posted: 7 years ago
Posted: 21 Dec 2017 15:08 EST
Mike Townsend (MikeTownsend_GCS) Director, Technical Support, Customer Service
Pegasystems Inc.
US

Hello Jonathan,

When you are sending the correspondence from the smart shape, I believe it calls the pzSendEmail activity, which in step 9 (in version 7.3.1), it always sets the parameter to send the mail via an agent. That means that the SendCorr agent needs permission to do what you are trying to do. I suspect if you did a private checkout of pzSendEmail and changed step 9 to not do that, you would see it using your operator's privileges. To have the level of configurability that you are looking for, you may need to do something custom instead of using the smart shape and I'd start with the pzSendEmail activity and tweak as needed.

Thanks,
Mike

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice