While upgrading from PEGA 8.2.8 to PEGA 8.6, two privilegies were added to the activity Rule-Obj-Report-Definition.pxRetrieveReportData : AllFlows and OpenDeveloperForm.
The problem with the addition of those privileges is that it obliges the user to have the privilegies if he needs to access to the report’s data.
A front-office user needs access to access report data and therefore must have the privilege to open a developper form or to open any Back-Office flow.
Appart switching the data page providing the report results to the node level and assigning the data page access to an administrator Access group, I don’t see how to load report data for thread-level data pages that are triggered by any non-developer role.
I looked for a solution online but didn’t find it.
Do you know how to implement a simple Thread-level data page list sourced by a report for a normal user role without AllFlows and OpenDeveloperForm privilegies in PEGA 8.6?
The user needs to have one of the listed privileges, not all of them, in order to be able to execute the rule.
You should either add a role to operator profile that has ALLFlows privilege or update the current role i.e. Access of Role to Object rule to include the same for all users who need to leverage the required thread level data page.
The application is available online to anyone and I would prefer not to be enforced to give AllFlows to every anonymous user to have them potentially using Back-Office flows. If I have to it I will do it but I would prefer that PEGA creates a specific privilege so I don’t have to give access to all flows while only giving access to report requesting.
It seems to me to be wrongly securized. I would have called that privilege: CallReports or RetrieveReportData to make a distinction with other access granted by AllFlows.
Let me take the opportunity to recommend to update to 8.7, which is available now and already contains this any many other improvements and prevents you from having to wait for 8.5.6 (which is expected in March or April)