You are here: Security > About Access Manager

Access Manager landing page

Launch the Access Manager landing page by selecting the Designer Studio > Org & Security > Access Manager menu item.

The following tabs are available on this landing page:

To use Access Manager, you must be logged in as an operator associated with an access group containing the PegaRULES:SecurityAdministrator or PegaRULE:BasicSecurityAdministrator role. If you have the latter role, you do not see the Tools tab.

Access Manager enables you to view and authorize operator access to case types, data, and tools in your applications. The Work & Process tab shows authorization for case types and the actions users can perform on them (for example, open, run reports, perform assignments), plus process flows and flow actions. On the Tools tab, you can manage access to built-in and custom application tools.

Use Access Manager to determine and define the access users have to items in the display. When you select an access group, the left column shows the level of authorization users have to the item: full access (), no access ( ), or conditional access ().

Note: In Pega 7 Platform, authorizations are typically granted based on a user's access group, not the role. The most permissive role in the access group determines the level of authorization for the access group. (Note an exception: If an Access-Deny rule has been applied to a role, that role and all other users in the access group are denied access to instances of the class.) The aggregate security level is visible in Access Manager as the icon to the left of the item to be secured.

Consider Access Manager a view to your security model, rather than a means to construct it. Create access roles and access groups, and define privileges independently of Access Manager.

Work & Process tab

Work and process elements in the display are grouped by case type (work class).  For each class, Access Manager displays operations on instances of the class that can be secured:

Additionally, Access Manager displays:

The tab displays the following fields and clickable items:

Field

Description

Application

To filter the list to display case types (or tools on the Tools tab) for one or more applications in the Access Manager, click Applications and select the desired application(s).

Access Group

Select the access group from the menu, or select All Access Groups. Access Manager displays the Single Access Group display or the All Access Groups display.

Export authorizations

Click to generate a report of your application security model. The report shows all case type items expanded. See PDN article Generating Work & Process application authorization settings documentation.

[refresh]

Click to refresh the Access Manager display.

[Case type name]

Click to display the class rule form in a new tab.

[Role name]

In single access group display, click to display a list of Access of Role to Object rules for this role. Double-click an item to open the rule form. Authorization settings made in Access Manager for Access Controls (user operations) show a zero for no access, 5 for full access, and an Access-When rule for conditional permission.

[Access group name]

In all access groups display, click to display the access group rule form.

For more information, see Access Manager — Authorizing Work & Process items.

Tools tab

The Tools tab displays tools you can secure in two categories:

The tab displays the following fields and clickable items:

Field

Description

Application

To filter the list to display case types (or tools on the Tools tab) for one or more applications in the Access Manager, click Applications and select the desired application(s).

Access Group

Select the access group from the menu, or select All Access Groups. Access Manager shows either the Single Access Group display or the All Access Groups display.

[refresh]

Click to refresh the Access Manager display.

[Role name]

In single access group display, click to display a list of Access of Role to Object rules for this role. Double-click an item in that list to open the rule form. Authorization settings made in Access Manager for Access Controls (user operations) show a zero for no access, 5 for full access, and an Access-When rule for conditional permission.

[Access group name]

In all access groups display, click to display the access group rule form.

For more information, see Access Manager — Authorizing Tools.

Privileges tab

On the Privileges tab you can create, review, and modify privileges for users with different roles to access specific case and data types.

Select the type of class

Select either Case type or Data type. Your choice here determines your options in the next row.

Select a role and a class or data type.

Select the Show inherited privileges check box to display privileges the role inherits .

Review the and modify the privileges for the role

The grid displays the privileges associated with the selected role for the selected class. For each grid entry the following information displays:

To add a privilege:

  1. Click the + icon below the grid display.
  2. In the form that appears, select the privilege from the available options, and set the access to FullConditional, or None.
  3. Click OK to add the privilege to the role for the selected case or data type, or click Cancel to close the form without adding a privilege.

Click the X icon at the right of the privilege to remove it for the selected class from the selected role.

Customizing the Privileges tab selectable options

You can customize the selectable options that appear for many fields on this tab. See Customizing the Access Manager Privileges tab.

Definitions access group, access role
Related topics About access group data instances
About access role data instances
Atlas Initial Access Groups

Tools — Organization and Security
Designer Studio — About Landing Pages