Standard access role should not be listed in your custom access group. Is it correct?
Someone told me that you never should include standard access role to your application's access group (I am only talking about end user, not developer). I understand this because, for example, once you include PegaRULES:WorkMgr4 or PegaRULES:User4, they have "5" for Work- class. That means even if you restrict the access to MyCo-MyApp-Work-PurchaseRequest class in your custom access role, that will not take an effect.
Now, I am also feeling like some of access roles should be included like PegaAPI or SecurityAdministrator otherwise some of functionalities wouldn't work. Are these supposed to be considered as exception?
**Moderation Team has archived post**
This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
Keep up to date on this post and subscribe to comments
- No more referred Access Group but still getting issue No Such Access Group.
- What is use of HTTP/HTTPS home directory set in the advanced tab of the access group.
- Remove Duplicate entries in Value List or Value Group.
- what is PRAuthorization.ACCESS_MODIFY? how to assign this code to some access group/Access role?
- Can Access Deny rules ensure that access is denied across roles in an Access Group?