Standard access role should not be listed in your custom access group. Is it correct?


Someone told me that you never should include standard access role to your application's access group (I am only talking about end user, not developer). I understand this because, for example, once you include PegaRULES:WorkMgr4 or PegaRULES:User4, they have "5" for Work- class. That means even if you restrict the access to MyCo-MyApp-Work-PurchaseRequest class in your custom access role, that will not take an effect.

Now, I am also feeling like some of access roles should be included like PegaAPI or SecurityAdministrator otherwise some of functionalities wouldn't work. Are these supposed to be considered as exception?


**Moderation Team has archived post**

This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.


Keep up to date on this post and subscribe to comments

September 12, 2018 - 5:42am


I think this is a development recommendation before reaching Production. I believe in an ideal world you should have a custom version of those ROLES for your specific requirements.