Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Kagan Kaya (KaganKaya) Bolcom
Bolcom
NL
KaganKaya Member since 2017 3 posts
Bolcom
Posted: Nov 26, 2021
Last activity: Nov 26, 2021
Posted: 26 Nov 2021 2:44 EST
Last activity: 26 Nov 2021 7:04 EST
Closed

How to restrict users to truncate a dataset?

Hi,

We have a requirement to restrict users to truncate a dataset which can be DDS and DatabaseTable etc.

Is there any OOTB privilege to prevent an access group to truncate a dataset or is it possible to satisfy this requirement by defining an Access Role To Object?

Thanks in advance!

To see attachments, please log in.
Pega Platform 8.5.5 Security

  • Raju Botu
Posted: 2 years ago
Posted: 26 Nov 2021 4:05 EST
Inigo Veiga Morante (VEIGI) PEGA Lead System Architect
Pegasystems Inc.
ES

@KaganKayawithout knowing all the context, I would say the best option would be to add the appropriate entries in the Access Role Name. Thinking quick and without investigating much I would say you can indicate the class of this object and set the delete instances value to 0. 

To see attachments, please log in.
Posted: 2 years ago
Posted: 26 Nov 2021 6:46 EST
Kagan Kaya (KaganKaya) Bolcom
Bolcom
NL

@VEIGIthanks a lot for your response! I have used the same approach by defining the dataset class(Adq-Testing-Data-AOMLog) with Delete Instance value to 0 but it does not work for the Decision Data Store( It works fine for database table dataset as expected)

The options(truncate, browse etc) for dataset are populated in Embed-DataSet-ActivityParams.pxPopulateOperations activity and seems to be handled in Embed-DataSet-Operation-Truncate-DDS class. However, although I have applied the same approach for this class, the records are being deleted from DDS.  

To see attachments, please log in.
Posted: 2 years ago
Posted: 26 Nov 2021 6:51 EST
Inigo Veiga Morante (VEIGI) PEGA Lead System Architect
Pegasystems Inc.
ES

@KaganKaya i am not an expert on DDS topic, maybe you can open a SR with PEGA to try to find a solution or try the solution suggested by @GunaSekaran_B. Hope this helps.

To see attachments, please log in.
Posted: 2 years ago
Posted: 26 Nov 2021 6:09 EST
Gunasekaran Baskaran (Gunasekaran Baskaran) Lventur Delivery Head [PEGA]
Lventur
IN

@KaganKaya

The easy way to bring this restriction would be, by using ABAC - Attribute Based Access Control.

You could have ABAC created in needed class with delete action and in Access Control Policy Condition you could have your logic to define who all will have access and not...

Basically ABAC is to control security/access related things.

Records -> Security -> Access Control Policy

Records -> Security -> Access Control Policy Condition

 

To see attachments, please log in.
Posted: 2 years ago
Posted: 26 Nov 2021 7:04 EST
Kagan Kaya (KaganKaya) Bolcom
Bolcom
NL

@Gunasekaran Baskaranthanks for your help! The ABAC approach has the same result with the Role Based access control that @VEIGI mentioned. After defining the Access Control Policy(delete action) & Access Control Policy Condition rules for the dataset class, the records from DDS are deleted however they are not deleted from Database table dataset  

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice