Creating an Access of Role to Object rule
Create an Access of Role to Object rule to associate an access role with a class.
In the header of Dev Studio, click.
On the Create form, define the context of the rule.
In the Access class field, press the Down Arrow key and select the class that defines the abstract or concrete class that users who hold this access role need to access in some way. To provide uniform access to both a parent class and all its subclasses, enter the parent class name.
In the Add to ruleset field, select the name and unlocked version of a ruleset that stores the privilege. As a best practice, to avoid confusion and difficult-to-debug security configurations, use the same ruleset as the ruleset of the Access class that you selected in 2.a.
Click Create and open to open the Access of Role to Object form.
- Defining permissions by using Access of Role to Object rules
Use the Access of Role to Object rule form to define the permissions that an access role has for a class.
- Specifying privileges for an Access of Role to Object rule
To more precisely define access to instances of a class, you update the Access of Role to Object rule to grant or revoke privileges for a role and access class. Specifying privileges is optional.
- Defining access settings for an Access of Role to Object rule
To more precisely define access to instances of a class, you associate one or more access settings with an access role by using the Settings tab of the Access of Role to Object rule form. Specifying access settings is optional.
- Understanding Access of Role to Object rules
Access of Role to Object rules specify permissions that are granted to a role and access class. These permissions restrict what developers and operators can do with rule and data instances. An Access of Rule to Object rule applies to all instances of its access class.
- Copying a rule or data instance
Use the Save As form to copy an existing record's functionality to a new record with unique key parts. This form is pre-populated with the original record's key parts and creates default values for the new record's context.
- Creating a specialized or circumstance rule
You can create a specialized or circumstance rule to create a variant of the rule that can be triggered only conditionally. The created rule is resolved and active only when the specified conditions are met. Create specialized or circumstance rules to address dynamic business requirements without changing the core logic every time. For information about rule resolution exceptions and how they might affect circumstance rules, see .
- Managing access roles
An access role rule defines a name for a role, and represents a set of capabilities. To deliver these capabilities to users, you reference the access role name in other rule types to assign the access role to users and to provide, or restrict, access to certain classes.