Question
Red Alpha
US
Last activity: 13 Jan 2025 15:26 EST
How do I keep users not assigned to a case from being able to click Go?
Hello folks! My team and I are currently working on an application in which we wish to keep users not explicitly assigned to a particular work item from being able to enter the work item and edit it. Obviously, when a work item is not assigned to an individual it does not show up in their Task list; however, if a user were to search for a particular work item by ID that is not assigned to them they are able to bring up that work item and click "Go" to begin working on it. This behavior seems quite odd to my team and I, and definitely feels like it should be configurable out of the box. I have scoured the case settings for a possible checkbox to lock down cases to only be workable by those assigned to them (either individual operator or specific work group), but have found nothing. I have encountered this lack of case restriction in both Cosmos and Constellation, but I am most curious about a Constellation based solution. Any advice would be much appreciated!
The attached file shows a work item routed to a RequestManagers work group. I am logged in as myself and I am not a member of the RequestManagers work group, but I am still able to enter the work item and make changes to it.
Updated: 9 Jan 2025 0:51 EST
CollabPartnerz
IN
Hi @TessPorter,
What are you trying to achieve, you want to hide work items not in their work list or do you want to display the item but "GO" should be hidden for items that are not in their work list?
Evonsys
IN
This has been a problem in Constellation, we have achieved by adding Access role to Obj to Access Role in the Access groups. Attached the screenshots for better understanding.
Red Alpha
US
@KishoreKumarMadduriHello Kishore, I gave this a try on my end and it resolved parts of the issue, but introduced a new error. On of my workflows starts with a form collection step followed by an approval step. The approval step is routed to a work group. However, after I updating the access roles for the various users involved a permissions error came up preventing submission of the original form. In you implementation did you ever run into an error like this?
HCA Healthcare
US
@TessPorter To prevent users not assigned to a case from clicking "Go" and working on it in a Pega Constellation application, you can use Access Control Policies and Locking Settings. Create an Access Control Policy of type Read that checks if the current operator is assigned to the case by comparing .pxAssignedOperatorID with OperatorID. Set the Work Item Locking under the case settings to "Allow only one user to work on a case at a time" to restrict simultaneous access. Ensure that cases routed to a work group, such as RequestManagers, are only accessible by members of that group. Additionally, you can modify the Case Summary View by setting visibility conditions on the "Go" button, ensuring it only appears for authorized users. These steps will ensure only assigned users can work on a case, even if someone searches for it manually. Test the setup with users outside the work group to ensure restricted access. This setup improves security and prevents unauthorized case modifications
Red Alpha
US
@Sairohith Hello Sairohith, I am working on trying out this Access Control Policy solution, but I am curious about what you mentioned about setting visibility conditions on the "Go" button. My team and I were able to do this in Cosmos, but not in Constellation. How did you go about setting visibility conditions on the "Go" button in Constellation?