Hi everyone, I need to create an access that reaches production, where the user will not have access to Action > Run on rules. In other words, they will not be able to do Actions > Run on an action set, or even have the Actions menu available maybe.
What would be the best way to create this access, or which privilege do I need to remove or deny for this to happen?
Thank in advance and for your time.
The right approach is usually to combine access roles + privileges + ARO/Access Deny
You can create a dedicated read-only access role and make it very restrictive. Set the user’s class access to read-only by giving the relevant classes Read = 1 and Write/Delete = 0 in the Access Role to Object setup
Remove any privileges that allow rule execution or rule authoring then use AROs to set the relevant classes to read-only and use Access Deny for specific rule categories if needed
Pega controls rule access through privileges, so if the user does not have the required privilege, Pega will block the rule from running
To remove the “Actions > Run” option, you must modify the user’s Access Role by removing the pxCanRunTests privilege. Open the specific Access Role Name assigned to the production user and find the entry for the @baseclass or the specific rule class. Within the list of privileges for that class, locate pxCanRunTests and delete it to restrict execution rights. Once you save the updated role, the system will automatically hide the “Run” command from the Actions menu for any user associated with that role. This specific change ensures that users cannot manually trigger rules or action sets in the production environment.