Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Bhagyashree Choudhary (BhagyashreeC9567)
Evoke Technologies

Evoke Technologies
IN
BhagyashreeC9567 Member since 2018 28 posts
Evoke Technologies
Posted: Apr 26, 2018
Last activity: Apr 27, 2018
Posted: 26 Apr 2018 13:23 EDT
Last activity: 27 Apr 2018 9:41 EDT
Closed

Class of a Privilege Rule

Hi Guys,

What should be the class of a Privilege rule in Pega?

I have a section on the landing page of a user portal in Data-Portal Class. The section has a Navigation Menu (in Data-Portal Class). Few items of the menu should be visible only to the Admin (Users having the Role Appl:Admin).
I need to refer an Admin Privilege in the Navigation menu properties ('Visible for privilege' field) for the items I need only Admin to access.
I can only refer Privilege rules here that are in the class or below Data-Portal (Data-Portal, Data-, @baseclass).
In which class do I create this Privilege Rule. Is it wise to create it in @baseclass in the Admin Access Role Appl:Admin.

In general how do you choose the class of the Privilege- based on the rule where it is referrred?

Thanks!

Bhagyashree

To see attachments, please log in.
Low-Code App Development
Dev/Designer Studio
Security

Posted: 6 years ago
Posted: 27 Apr 2018 9:41 EDT
Santhosh Bagannagari (bagas)
Pegasystems Inc.
Tech Lead, Security Engineering
Pegasystems Inc.
IN

Hi,

I do not have a straight answer for your question.  I tried to put my understanding of Privileges here. 

  1. When we are using the privileges to control the UI like Navigations and Sections, running Report Definition, the privilege must be present in the hierarchy of the applies to class of the rule. Here we can not control the access by using privilege from other classes. 
  2. But to control the execution of few rules like activity, flow action, Summary view, list view, Parse Structured, Corr rules etc; we will have option to give (className, privName) combination explicitly. In this case we can give any class name.
  3. Other important part is to granting the privilege to a user through Access Role Object. For granting privilege on a class (through RARO instance), it must be present in the class  hierarchy.

Considering above three combinations, I think creating privilege in the current class or anywhere in the hierarchy will solve all the above three use cases. If we have a privilege created in the system and we want to use the same in scenario like #2 above , we don't need to create new privilege in the class hierarchy, instead we can use the existing one with class & Privilege combination (as long as the access restriction purpose of the created privilege includes current scenario as well). 

Comments are welcome.

Regards,

Santhosh

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice