Close popover

Table of Contents

Controlling role evaluation for access groups

Version:

Typically, when the system determines a user's access rights to a class, it searches Access of Role to Object ( Rule-Access-Role-Obj ) rules for all of the access roles listed in the operator’s access group. Access is granted if any of these access roles permit it. You can, instead, control how many access roles are searched and the order in which they are searched.

The order in which access roles are searched is determined by the order in which they are listed in the operator’s access group. An option on the access group lets you specify that the search process stops as soon as an access role is found with a relevant Access of Role to Object rule that either grants or denies access.

  1. In the header of Dev Studio, click Configure Org & Security Groups & Roles Access Groups .

  2. Click an access group name to open the Access Group rule form.

  3. On the Definition tab, select the Stop access checking once a relevant Access of Role to Object instance explicitly denies or grants access check box.

  • Privilege inheritance for access roles

    Privilege inheritance simplifies the process of defining privileges and access settings that are relevant in multiple classes.

  • Turning on privilege inheritance for access roles

    You can turn on privilege inheritance for access roles to simplify how you define privileges and access settings that are relevant in multiple classes.

  • Understanding Access of Role to Object rules

    Access of Role to Object rules specify permissions that are granted to a role and access class. These permissions restrict what developers and operators can do with rule and data instances. An Access of Rule to Object rule applies to all instances of its access class.

Suggest Edit

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.