Question

Manage Dependent Roles

Hi,

In PRPC v4, there is now an option to define dependent role of an Access role (in the definition of the Access role).

As per PRPC help - Manage dependent roles – Click to add, change, or delete a role or roles from which the access role inherits all the privileges and access rights.

Has anyone able to utilize this feature so far in this version of PRPC?

If I define an Access role (say, XYZ), which has PegaRULES:WorkMgr4 and PegaRULES:User4 defined as dependent role in it's definition, PRPC doesn't seem to inherit those dependent roles/privileges.

This problem becomes more apparent when I set XYZ as the only access role of one my user's access group and also enable 'Stop access checking once a relevant Access of Role to Object instance explicitly denies or grants access' option in that access group. If you check this setup, you will find you won't be able to login with the user of that access group anymore as that user now lacks all required OOTB privileges.

Let me know if it is an known bug or I misunderstood this feature.

Thanks in advance.

Comments

Keep up to date on this post and subscribe to comments

Pega
October 19, 2019 - 8:06pm

When you create an access role, please make sure that you configure dependencies correctly from other roles to determine access rights. Please refer to the below pdn link:

https://community.pega.com/sites/default/files/help_v83/procomhelpmain.htm#/express/rule-/rule-access-/rule-access-role-/rule-access-role-name/main.htm

October 21, 2019 - 2:54pm
Response to SusanLiu

Thanks for your reply.

In my original post I described a sample setup that I made to test this feature. Can you check and confirm if the dependency was correctly made?

If not, can you please suggest what is the right way to do so?

Thanks