Read only Ruleset Access
Hi,
Is it possible to allow read-only access to certain Rulesets based on Access Groups?
We want to restrict certain operators (via Access Groups) from creating/modifying any rules in certain Rulesets listed in the Application.
Let's say we have the following setup:
MyApp:01.01.01 has Application rulesets: RuleSet1, RuleSet2, RueSet3
Access Groups: AG1 & AG2 both has Application: App123:01.01.01
AG1 should have full read-write access to RuleSet1 & RueSet3 but only read-only access to RuleSet2
AG2 should have full read-write access to RuleSet2 & RueSet3 but only read-only access to RuleSet1
We have considered the following options but none of them quite work for us:
1. Lock the rulesets: this is a new application under active development and all rulesets in constant use so this is not really feasible
2. Create a 2 Application rules:
- MyApp1 has RuleSet1 & RuleSet3 and have AG1 point to this App
- MyApp2 has RuleSet2 & RuleSet3 and have AG2 point to this App
But this would mean that AG1 can't (read) access RuleSet2 and AG2 can't (read) access RuleSet1
Hi,
Is it possible to allow read-only access to certain Rulesets based on Access Groups?
We want to restrict certain operators (via Access Groups) from creating/modifying any rules in certain Rulesets listed in the Application.
Let's say we have the following setup:
MyApp:01.01.01 has Application rulesets: RuleSet1, RuleSet2, RueSet3
Access Groups: AG1 & AG2 both has Application: App123:01.01.01
AG1 should have full read-write access to RuleSet1 & RueSet3 but only read-only access to RuleSet2
AG2 should have full read-write access to RuleSet2 & RueSet3 but only read-only access to RuleSet1
We have considered the following options but none of them quite work for us:
1. Lock the rulesets: this is a new application under active development and all rulesets in constant use so this is not really feasible
2. Create a 2 Application rules:
- MyApp1 has RuleSet1 & RuleSet3 and have AG1 point to this App
- MyApp2 has RuleSet2 & RuleSet3 and have AG2 point to this App
But this would mean that AG1 can't (read) access RuleSet2 and AG2 can't (read) access RuleSet1
3. Use Work class/flow (RuleSet => Security => Rule management) and have an approval process in place: this seems like an overkill and additional resource/time overhead. Moreover, this still doesn't prevent an operator from creating the rule to begin with.
Thanks.
Kind regards,
Suraj
***Edited by Moderator Marissa to update platform capability tags****
Accepted Solution
Pegasystems Inc.
US
In the when condition, you can check whether .pyRuleSet is in your list of restricted rulesets. The when condition can be referenced in your access role for Rule- instances or you could restrict by specific Rule class types if desired.
Pegasystems Inc.
US
Could you create different access roles and then use when conditions to control the ability to write and delete rules?
Adqura
GB
Yes I could create different access roles (and associated when conditions) but how exactly would I prevent write/editing/deleting on particular RuleSets? Do you have any examples/guides you can share?
Accepted Solution
Pegasystems Inc.
US
In the when condition, you can check whether .pyRuleSet is in your list of restricted rulesets. The when condition can be referenced in your access role for Rule- instances or you could restrict by specific Rule class types if desired.