Creating a privilege
You can associate many rule types with privileges to more precisely define the access control features that are provided by Access of Role to Object rules. You create a privilege by using the Privilege rule form.
1. In the header of Dev Studio, click.
2. On the Create form, enter values in the fields to define the context of the privilege:
   - In the Label field, enter text that describes the purpose of the privilege.
   - In the Apply to field, press the Down Arrow key and select the class that defines the scope of the privilege.
     The class controls which Access of Role to Object rules you can link to the privilege.
   - In the Add to ruleset field, select the name and unlocked version of a ruleset that stores the privilege.
   - To change the default identifier for the privilege, click Edit, and then provide a unique value in the Identifier field.
3. Click Create and open to open the Privilege form.
- Understanding role permissions and privileges in Access Manager
Privileges complement the security and access control features provided by access roles by restricting access to specific rules rather than to entire classes. A privilege associates an access role with a rule that needs to be secured. Create privileges to more precisely define the access control features that are provided by Access of Role to Object rules. A privilege is identified by its name and Applies to class.
- Requiring a privilege for a rule
You can update a rule to specify that a privilege is required to access or use that rule. Only certain rule forms include the Privilege field, and for the rules that do, entering privileges is optional.
- Viewing the roles that have a privilege
To understand who has various privileges, you can view the roles that have a privilege. You can do this in various ways. The way you view roles and privileges depends on your familiarity with role and privilege names.
- Specifying privileges for an Access of Role to Object rule
To more precisely define access to instances of a class, you update the Access of Role to Object rule to grant or revoke privileges for a role and access class. Specifying privileges is optional.