You've raised two questions.
Q1. When an operator has no access group associated with him, an OOTB access group PegaRULES:WorkUsers is assigned and the PegaSample application is launched.
Is this the default behavior?
A. Yes. It's the default behaviour, as any operator should have the default access group.
An access group is associated with the application, and it enables the user to have access to the particular application. It provides an authorisation mechanism for a user to access the application. It's a one-to-one mapping.
Q2. Can we have a custom access group assigned to an operator ID in this scenario at run time? If yes, can someone provide the place we need to update, please?
A. I am not able to understand what you mean by runtime here.
Though, you can add an access group to an operator. Open the operator rule and, under the "Profile" tab - "Application Access", add the access group.
Though, at runtime the Code-Pega-Security.ApplicationProfileSetup activity is called after authentication and before the user's portal is displayed.
But I am not sure whether this activity could be used for dynamically appending with a very chance of negative probability.
Hope it answers your questions. Kindly acknowledge by marking this post as answered for the larger Pega audience.
Let me add some more details for you to understand the situation.
We have a separate admin team to manage access to the application. In one scenario, the admin team are just removing the access group and saving the operator ID (we can save the operator ID without any access group! I believe we can make it mandatory rather than showing a warning).
When our application was running in 6.3, one user got admin access when he had no AG assigned to his user ID. We want to handle this so that the user should not get the admin access.
However, in 7.3 we noticed a default access group PegaRULES:WorkUsers is assigned even though the user has none in his operator ID. I feel this is better than providing admin access. But can we associate our own AG so that we can show a custom message to the user?
I have tried updating the Code-Pega-Security.ApplicationProfileSetup activity to forcefully set an access group at run time. But no luck. I have updated the pyAccessgroup and pyAccessGroupsAdditional(1) value list but no luck.
Is there any way we can set up an access group for a user at run time if he has no access groups assigned to him? Appreciate your help!
Posted: 26 Nov 2018 3:59 EST
Joseph Tan (tanj1)
Lead System Architect
If an operator is saved without any access group defined, it will default to the access group of the Organization he belongs to. E.g., suppose the operator belongs to the organization MyOrg / Div / Unit; if no access group is defined, he will default to the access group defined in MyOrg (Data-Admin-Organization rule).
You can thus set a basic access group under the organization rule which can be used by all users defined within the organization who do not have an access group in their operator id.