Operator ID form
Completing the Security tab

Complete this tab to:

Access Settings

Field

Description

Update password

Click to enter the user's password. After a user is authenticated, the user can change this password from the profile display.

The settings for passwords (minimum length, number and types of characters required, whether you can re-use an old password, and so on) are set on the Security Policies landing page tab of the System landing page. Only operators with an access group including the privilege pzViewAuthPoliciesLP can see or work with the Security Policies landing page tab. For an example, see PDN article How to configure login security and password policies.

Depending on the enabled Security Policies, you may see and have to respond to a CAPTCHA test when changing a password.

PRPC records any log-in failure from any requestor type as an instance of the Log-SecurityAudit class. To view the date and time, remote host name and IP address, and user name of log-in failures, execute the standard list view rule ListofLoginFailures.
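
The log-in failure records described above carry the fields needed to review for repeated failures. As an added example (not PRPC code and not part of the original page), this Python script scans an export of those records for many failures against one user name, or failures against many user names, from a single address. The CSV layout, column names, thresholds and sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names are hypothetical, not PRPC property names.
SAMPLE_EXPORT = """timestamp,remote_host,remote_ip,user_name
2024-03-01T09:00:05,ws-17.example.test,192.0.2.10,jsmith
2024-03-01T09:00:20,ws-17.example.test,192.0.2.10,jsmith
2024-03-01T09:00:41,ws-17.example.test,192.0.2.10,JSmith
2024-03-01T09:01:02,ws-17.example.test,192.0.2.10,jsmith
2024-03-01T09:01:30,ws-17.example.test,192.0.2.10,jsmith
2024-03-01T10:15:00,gw.example.test,198.51.100.7,adavis
2024-03-01T10:16:10,gw.example.test,198.51.100.7,bchen
2024-03-01T10:17:45,gw.example.test,198.51.100.7,cortiz
2024-03-01T10:19:30,gw.example.test,198.51.100.7,dpatel
2024-03-01T08:00:00,ws-03.example.test,203.0.113.5,mlee
2024-03-01T11:30:00,ws-03.example.test,203.0.113.5,mlee
"""
WINDOW = timedelta(minutes=10)  # assumed review window
USER_THRESHOLD = 5              # failures for one user name from one address
SPRAY_THRESHOLD = 4             # distinct user names failing from one address

def load_failures(text):
    """Parse the export into (time, ip, user) tuples sorted by time."""
    return sorted(
        (datetime.fromisoformat(r["timestamp"]), r["remote_ip"], r["user_name"].lower())
        for r in csv.DictReader(io.StringIO(text))
    )

def find_bursts(rows):
    """Return sorted (kind, ip, user) findings from a sliding window per address."""
    by_ip = defaultdict(list)
    for ts, ip, user in rows:
        by_ip[ip].append((ts, user))
    findings = set()
    for ip, events in by_ip.items():
        start = 0
        for end, (ts, _) in enumerate(events):
            # Advance the window start past events older than WINDOW.
            while ts - events[start][0] > WINDOW:
                start += 1
            users = [u for _, u in events[start:end + 1]]
            for user in set(users):
                if users.count(user) >= USER_THRESHOLD:
                    findings.add(("repeated-failures", ip, user))
            if len(set(users)) >= SPRAY_THRESHOLD:
                findings.add(("many-users", ip, "*"))
    return sorted(findings)
```

User names are lower-cased before counting so that case variants of the same name are grouped together.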

Advanced feature: The system converts the password to a hash value using a one-way MD5 algorithm. The hashed value is also contained within the Storage Stream (BLOB) column of the pr_operators table. Using the View XML action, developers can only discover the hashed form of any operator password. The clear-text form of the password does not appear in the PegaRULES database and is never transmitted in any HTTP message to or from the workstation.

Caution: As a security feature, the passwords for [email protected] and three other initial Operator IDs can be changed only by logging in as one of the four. As a best practice, log in to [email protected] and change these four passwords to private, secure values promptly after your system is installed. Repeat after any PRPC upgrade, as your passwords are overwritten by the upgrade processing. See Atlas — Initial Operator IDs.

Allow rule check out

Select to allow this user to update rules in RuleSets that use checkouts.

When this box is selected, the Check Out or Private Edit toolbar buttons appear rather than the Save button, for RuleSets that require check-out. In addition, this user has a personal RuleSet that appears at the top of the RuleSet list.

Note the following:

  • When check-out is enabled, the system saves the entire previous rule each time you check in a new one, supporting the Restore operation. See How to restore the earlier state of a rule.
  • Check this box for most users of the Designer Studio, even if they do not expect to check out rules. Clear this box for workers, managers, and anyone who does not use the Designer Studio or does not update rules.
  • Check this check box for developers who plan to use the Application Express to generate applications. When the tool generates an application, the generated RuleSets are set to use check out.
  • If this box was checked, and is unchecked at a time when the operator's personal RuleSet contains one or more checked-out rules, you cannot save the Operator ID form. This restriction prevents the creation of orphaned rules — rules that are checked out but cannot be checked in. Have the operator check in or delete all checked-out rules from the personal RuleSet before clearing the box. Select > Application > Development > Checked Out Rules to display a list of checked-out rules.

Note: For best performance on a production system, minimize the number of distinct users who can check out rules. Even when a personal RuleSet is empty (the operator has not checked out any rules), each user who has this capability has a unique, distinct RuleSet list. So, each Java-based rule that this user executes is assembled. Processing resources are required for rule assembly and additional memory is required for the Rules Assembly cache.

Use external authentication

Select to require that this operator be authenticated only through LDAP or other external authentication facilities. If this check box is not selected, the system uses the password on this tab to authenticate this operator.

Starting activity to execute

Identify the first activity that the system executes after this user is authenticated. The standard activity for this purpose is named Data-Portal.ShowDesktop. This activity displays the user portal defined in the user's access group.

License Type

Note: This field affects how the License Compliance facility classifies users who authenticate using this Operator ID instance. Depending on the terms of your license arrangement with Pegasystems Inc., the value you select for this field may affect license compliance tracking and usage reporting. See Working with the License Compliance facility.

In most cases, select:

  • Named if this Operator ID is a person who interacts with PRPC through a Web browser.
  • Invocation if this Operator ID is for processing performed through service calls, or for processing by external users (typically through the Directed Web access feature).
