Defining permissions by using Access of Role to Object rules

Use the Access of Role to Object rule form to define the permissions that an access role has for a class.

When you define an Access of Role to Object rule, you define access controls for various core functions by role and access class. You can define access controls by using either Access Manager or the Access of Role to Object rule form. The rule form enables somewhat more precise control when entering production levels. For more information about Access Manager, see Access Manager.

You specify access controls by entering either a production level or an Access When rule name. At run time, the system evaluates the value to determine whether access is granted.

  • If you enter a When rule name, the system uses the access class and class inheritance to find the Access When rule, and then evaluates the When rule to see if access is granted.
  • If you enter a production level, the system compares this level with the production level of the current system. The privilege is granted only if the access control's production level is greater than or equal to the system's production level. Enter 0 to provide no access. Enter 5 to allow access to all systems. When privilege inheritance and role dependency are in effect, a blank value is undefined (neither true nor false); otherwise, a blank value indicates no access. For more information on privilege inheritance and role dependency, see Privilege inheritance for access roles and Configuring an access role.

  1. In the navigation panel, click Records > Security > Access of Role to Object, open the rule you want to change, and click the Security tab.

  2. You can define the following access controls. For each field, enter a production level or When rule name.

    Open instances
    Controls whether users with this access role can open instances of this access class.
    Modify instances
    Controls whether users with this access role can save new or modified instances of this access class.
    Delete instances
    Controls whether users with this access role can delete instances of this access class.
    Run reports
    Controls whether users with this access role can run reports against instances of this access class.
    Execute activities
    Controls whether users with this access role can execute activities with an Applies to class that is equal to this access class.
  3. You can define the following Open, Modify, and Delete rules.

    The following Open, Modify, and Delete rule controls are typically needed only by application developers. If you enter a When rule, then at run time, the system uses the class of the primary page to locate the When rule. As a best practice, create the When rule in the Rule- base class.

    Open rules
    Controls whether users with this access role can open rules having this access class as a key part.
    Modify rules
    Controls whether users with this access role can create or modify rules having this access class as a key part.
    Delete rules
    Controls whether users with this access role can delete rules having this access class as a key part.
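
The run-time evaluation described above, modeled in Python as an added example (not Pega code) that resolves each field value to granted, denied, or undefined. The class names, the IsOwner When rule, the dictionary lookup standing in for class inheritance, and denying on an unresolved When rule are assumptions of this example.

```python
from enum import Enum

class Decision(Enum):
    GRANTED = "granted"
    DENIED = "denied"
    UNDEFINED = "undefined"  # blank value while privilege inheritance / role dependency apply

def find_when_rule(name, class_chain, when_rules):
    """Walk the access class and then its ancestors; return the first matching When rule."""
    for cls in class_chain:
        rule = when_rules.get((cls, name))
        if rule is not None:
            return rule
    return None

def evaluate_control(value, system_level, class_chain=(), when_rules=None,
                     context=None, inheritance_in_effect=False):
    """Evaluate one access-control field value against the current system."""
    text = (value or "").strip()
    if not text:
        return Decision.UNDEFINED if inheritance_in_effect else Decision.DENIED
    if text.isdecimal():
        level = int(text)
        if level > 5:
            raise ValueError(f"production level out of range: {level}")
        # 0 never grants; otherwise the control level must be >= the system level.
        granted = level != 0 and level >= system_level
        return Decision.GRANTED if granted else Decision.DENIED
    rule = find_when_rule(text, class_chain, when_rules or {})
    if rule is None:
        return Decision.DENIED  # assumption of this example: unresolved When rule fails closed
    return Decision.GRANTED if rule(context or {}) else Decision.DENIED

def evaluate_rule(fields, system_level, **kwargs):
    """Evaluate every field of one Access of Role to Object rule."""
    return {name: evaluate_control(v, system_level, **kwargs) for name, v in fields.items()}

# Constructed sample data: hypothetical class chain, When rule, and field values.
CHAIN = ["MyCo-Orders-Work", "MyCo-Orders", "Work-"]
WHEN_RULES = {("Work-", "IsOwner"): lambda ctx: ctx.get("user") == ctx.get("owner")}
FIELDS = {"Open instances": "5", "Modify instances": "IsOwner", "Delete instances": "2",
          "Run reports": "", "Execute activities": "0"}

if __name__ == "__main__":
    for lvl in (2, 5):  # a development-like system and a production system
        result = evaluate_rule(FIELDS, lvl, class_chain=CHAIN, when_rules=WHEN_RULES,
                               context={"user": "ann", "owner": "ann"})
        print(lvl, {k: v.value for k, v in result.items()})
```

Running it shows that a control set to 2 grants Delete instances on a level 2 system but not on a level 5 system, while a control set to 5 grants on both.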

  • Specifying privileges for an Access of Role to Object rule

    To more precisely define access to instances of a class, you update the Access of Role to Object rule to grant or revoke privileges for a role and access class. Specifying privileges is optional.

  • Understanding Access of Role to Object rules

    Access of Role to Object rules specify permissions that are granted to a role and access class. These permissions restrict what developers and operators can do with rule and data instances. An Access of Role to Object rule applies to all instances of its access class.

  • Understanding Access When rules

    An Access When rule defines a test that the system performs to allow, or disallow, a user from performing an operation or accessing information (instances of a specific class) based on security requirements.
