Question


ING Bank N.V.
NL
Last activity: 17 Jan 2023 9:46 EST
OOTB Access roles to make Developer Studio read-only
Are there any OOTB roles, provided by PEGA, to make the Developer Studio read-only, where rules can only be viewed, but not written, edited or deleted?
To be clear: I am not asking about privileges or the mechanism to develop a custom solution, as we have already implemented one and it is working.
My question is about whether there is an OOTB role, already provided by PEGA, to enable a read-only solution quickly.


IQZ Systems LLC
US
Hi @VTALUKDAR,
Try "PegaRULES:Guest".
Updated: 10 Jan 2023 7:40 EST


ING Bank N.V.
NL
@KiruthikaA Tried it: that Access role only authorizes access to PEGA's Rule-Application instances. Same with the PegaRULES:Guest-Maximum as well.
Try with a specific application, and you get an error:
Caused by: com.pega.pegarules.pub.runtime.IndeterminateConditionalException: You are not authorized to open instance RULE-APPLICATION XXXXX 02.06.18
    at com.pega.pegarules.priv.FUAUtil.activityPreTranIndeterminateConditionalCheck(FUAUtil.java:446) ~[prpublic.jar:?]
    at com.pegarules.generated.activity.ra_action_requestorinitialize_89ad755666c9b32d183401b5c4c47e77.step4_circum0(ra_action_requestorinitialize_89ad755666c9b32d183401b5c4c47e77.java:1061) ~[?:?]


Pegasystems Inc.
IN
@VTALUKDAR Can you disable checkout from Operator ID and try? That will make it not editable for all the versioned rules and non-versioned rules but might not be applicable for data instances.


ING Bank N.V.
NL
@SrinidhiM Disabling check out is only part of the problem, not the full solution.
This is my use case:
Use case:
-- User should be able to view rules, but not write, or delete anything
-- User should not be able to Run rules (either from the rule itself or from Clipboard)
-- User should not be able to Import code into PEGA
-- User should be able to view Clipboard, Tracer and all other Diagnostic features
-- User should not be able to Add a rule to Favourites.


Pegasystems Inc.
IN
@VTALUKDAR Hi, can you check the below privileges:
pxViewDeveloperDesktop
pxViewLimitedForm
There is one Access Role Name (PegaRULES:ViewerCollaborator), but you might have to make some changes because this does not include the privilege to run basic rules which are required for authentication.


ING Bank N.V.
NL
@SrinidhiM I have already worked on a custom solution which achieves this, but my point was to get something OOTB so that it can be used directly without ANY customization.
I guess from the answers I have received, no such role actually exists... Yes, I can try with adding granular privileges, but that approach would be very similar to my custom solution anyway...


Pegasystems Inc.
IN
@VTALUKDAR Yes, seems like the OOTB roles and privileges that are available only provide a part of your requirement and not the complete requirement. We might need to add granular privileges, which you have already done.


Masking Technology
NL
Do they need to see all the rules? Or just a few of them?
In case it's the latter, you can delegate the rules and just make sure they cannot save them.


ING Bank N.V.
NL
@BasM7674 No, that is not an option. As I mentioned above, the user should be able to view all rules, not just the ones which can be delegated.


Masking Technology
NL
Why wouldn't you give them access to the staging environment? I assume you have one, there you can see everything as it is on production, right?


ING Bank N.V.
NL
@BasM7674 The problem is not that we cannot give them access to STAGING environment. The issue is that sometimes there are specific instances where we need to look into the PROD environment without actually being able to change anything.
Suppose an agent/job scheduler/data flow fails in PROD, but did not fail in ACCEPTANCE/STAGING environment. Then we have no other option but to open the PROD environment. We want an access role which would allow us to peek into the PROD Environment and SEE everything, but would not be allowed to CHANGE anything.
I hope I was clear with the use case now.