Specifying privileges for an Access of Role to Object rule
To more precisely define access to instances of a class, you update the Access of Role to Object rule to grant or revoke privileges for a role and access class. Specifying privileges is optional.
You can make these updates by using Access Manager or the Access of Role to Object rule form. The production level values that you can specify are different on these two forms. For more information on Access Manager, see Access Manager.
A privilege associated with an Access of Role to Object rule is granted to users who have the access role, when they work with instances of the rule's access class (or child class), on a system that has a specific production level (or lower).
In the navigation panel, open the rule you want to change, and then click the Privileges tab.
In the Privilege field, enter the name of the privilege to grant to this role. The privilege must already be defined for this access class.
You can add more privileges by clicking the Add a row icon.
You can remove privileges by clicking the Delete row icon, or by setting the Level to 0 or leaving it blank.
In the Level field, enter a When rule name or a production level. At run time, the system evaluates this value in the following ways:
- If you enter a When rule name, the system uses the access class and class inheritance to find the Access When rule, and then evaluates the When rule to see if access is granted.
- If you enter a production level, the system compares this level with the production level of the current system. The privilege is granted only if the privilege's production level is greater than or equal to the system's production level. Enter 0 or leave blank to provide no access. A value of 5 allows access to all systems.
Click Save. Active requestor sessions on the current node are immediately updated. Requestors on other nodes in a cluster are updated when the next system pulse occurs on their nodes.
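The Level evaluation described in the steps above, as an added Python example that is not Pega code or part of the original page. It is a simplified model that assumes system production levels run from 1 to 5 and that an unknown When rule name grants nothing; the rows, privilege names, and When rule name are constructed.

```python
# Added example: simplified model of the Level evaluation, not Pega code.
from dataclasses import dataclass


@dataclass(frozen=True)
class PrivilegeRow:
    privilege: str  # value of the Privilege field
    level: str      # value of the Level field: blank, "0".."5", or a When rule name


def is_granted(row, system_level, when_rules, context):
    """Return True if this row grants its privilege on the given system."""
    if not 1 <= system_level <= 5:  # assumed range of system production levels
        raise ValueError("system production level must be 1..5")
    value = row.level.strip()
    if not value:
        return False  # blank Level: no access
    if value.isdecimal():
        level = int(value)
        if level > 5:
            raise ValueError(f"invalid production level: {value}")
        # 0 never passes; 5 passes on every system.
        return level >= system_level
    rule = when_rules.get(value)  # otherwise treat the value as a When rule name
    if rule is None:
        return False  # assumption of this model: an unknown rule fails closed
    return bool(rule(context))


def effective_privileges(rows, system_level, when_rules, context):
    """Set of privilege names granted on a system at system_level."""
    return {r.privilege for r in rows
            if is_granted(r, system_level, when_rules, context)}


# Constructed sample data; privilege and When rule names are hypothetical.
ROWS = [
    PrivilegeRow("ApproveRefund", "5"),
    PrivilegeRow("PurgeTestCases", "2"),
    PrivilegeRow("ExportData", "IsManager"),
    PrivilegeRow("LegacyAdmin", "0"),
    PrivilegeRow("DraftOnly", ""),
]
WHEN_RULES = {"IsManager": lambda ctx: ctx.get("manager", False)}

if __name__ == "__main__":
    for lvl in range(1, 6):
        print(lvl, sorted(effective_privileges(ROWS, lvl, WHEN_RULES, {"manager": False})))
```

Running the model across levels 1 to 5 shows which rows still grant a privilege on the highest-level system, which is the set to review first when auditing a role.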
- Defining permissions by using Access of Role to Object rules
Use the Access of Role to Object rule form to define the permissions that an access role has for a class.
- Defining access settings for an Access of Role to Object rule
To more precisely define access to instances of a class, you associate one or more access settings with an access role by using the Settings tab of the Access of Role to Object rule form. Specifying access settings is optional.
- Understanding Access of Role to Object rules
Access of Role to Object rules specify permissions that are granted to a role and access class. These permissions restrict what developers and operators can do with rule and data instances. An Access of Role to Object rule applies to all instances of its access class.
- Understanding role permissions and privileges in Access Manager
Privileges complement the security and access control features provided by access roles by restricting access to specific rules rather than to entire classes. A privilege associates an access role with a rule that needs to be secured. Create privileges to more precisely define the access control features that are provided by Access of Role to Object rules. A privilege is identified by its name and Applies to class.