Question

How to pass dynamically set Access Roles to standard agent task?

Hello everyone!

We have such sutiation:

  • There is only one Access group "Users" for business users in application with one Access role in it
  • When user logs into Pega we dynamically add Access roles similar to this article - https://community.pega.com/knowledgebase/articles/how-dynamically-add-roles-during-user-authentication
  • So the user for example has two roles in runtime.
  • User make some actions that brings to queueing an agent task. Agent has standard mode.
  • Agent uses user's Access group to process the task. But he has only one original role and doesn't have any dynamically added roles.

The problem here is in access absence to classes described in the second role (dynamically set).

If an agent will try to do something that can do second role, but the first role can't, it will fail.

What is the best practice here?

***Edited by Moderator Marissa to update platform capability tags****

Comments

Keep up to date on this post and subscribe to comments

April 25, 2019 - 2:21am

Any ideas?

Finally we've created a separate access group for agents with admin rights.

And when we create a task for agent, we change pyAccessGroup, to the task will be processed under our new access group, not under user's access group.

July 18, 2019 - 2:23pm

Hello,

I'm not sure I completely follow. You want to use a similar method, but the context of the requestor doesn't have access to the classes you need? Definitely, you need to start in an access group with the fundamental classes of your application. I would caution against giving it administrator privileges for security reasons. I would create a stripped down access group that has your application/rulesets in it, so that the classes are available and then go from there.

Thanks,
Mike