Restricting access to Local Action
After you set a “Local Action” on a Wait within a Flow for the user to execute, what (is there a?) best practice around then securing it from a certain pool of users would you employ?
I introduced a local action to a Wait on a Flow in order to quickly facilitate a process change. I basically wanted to reset a property on the work case and use that in the assignment SLA – essentially setting a new time for the SLA to process, then put it back into “Wait”.
However, it was unclear at the time that the users didn’t want to be the ones executing the local action, but it would be nice if another set of users with access to the flow were able to execute. In the end, I opted to modify the navigation rule to hide the local actions from the user roles that shouldn’t be accessing them. While it addresses the immediate need, I’m concerned that other rules that might leverage pyWorkActionsReview in the future will need to be modified. I guess I was wondering if anyone knew of the right privileges and such or another way to get to where I was trying to go.
Note: I tried configuring permissions and setting privileges like ActionSetTicket to 0 for the users in question on Rule-Obj-Flow, R-O-FlowAction, Work-, etc., but testing did not pan out – they could still see the option to execute the “Set Ticket” local action in the flow and they could set the ticket. Maybe one of you knows of the right set of permissions that I missed.
After you set a “Local Action” on a Wait within a Flow for the user to execute, what (is there a?) best practice around then securing it from a certain pool of users would you employ?
I introduced a local action to a Wait on a Flow in order to quickly facilitate a process change. I basically wanted to reset a property on the work case and use that in the assignment SLA – essentially setting a new time for the SLA to process, then put it back into “Wait”.
However, it was unclear at the time that the users didn’t want to be the ones executing the local action, but it would be nice if another set of users with access to the flow were able to execute. In the end, I opted to modify the navigation rule to hide the local actions from the user roles that shouldn’t be accessing them. While it addresses the immediate need, I’m concerned that other rules that might leverage pyWorkActionsReview in the future will need to be modified. I guess I was wondering if anyone knew of the right privileges and such or another way to get to where I was trying to go.
Note: I tried configuring permissions and setting privileges like ActionSetTicket to 0 for the users in question on Rule-Obj-Flow, R-O-FlowAction, Work-, etc., but testing did not pan out – they could still see the option to execute the “Set Ticket” local action in the flow and they could set the ticket. Maybe one of you knows of the right set of permissions that I missed.
Note 2: I also get that this is a ticket, many people feel all tickets are evil, etc. So, if there’s a non-ticket method to get this done, I’m open to it too. I probably won’t be going and re-doing this but I’d like to know for the future.
Note 3: I saw this post, but it did not help. I didn’t see any such Condition in the Wait shape, Advanced Options, Local Actions area for input … perhaps because this addresses Flow Actions and I’m not setting it up as a Flow Action … which maybe I should’ve done. (https://pdn.pega.com/community/pega-product-support/question/restricting-option-take-action-drop-down)
Thanks in advance for the input.
Accepted Solution
Capgemini
IN
How about adding one when rule in the security tab of the flow action that you are using as local action. Other action drop down is populated after evaluating the when rules present in each flow action rule.
-Saikat