Understanding Access of Role to Object rules
Access of Role to Object rules specify permissions that are granted to a role and access class. These permissions restrict what developers and operators can do with rule and data instances. An Access of Rule to Object rule applies to all instances of its access class.
Access Manager simplifies the process of granting authorization. As a best practice, use Access Manager instead of working directly with the Access of Role to Object rule form. For more information, see Access Manager.
You can use the rule form to do the following tasks:
- Create or delete an Access of Role to Object rule.
- Specify settings for an Access of Role to Object rule. For more information, see Defining access settings for an Access of Role to Object rule.
- Specify production levels 2, 3, or 4 for an access control. For more information, see Defining permissions by using Access of Role to Object rules.
Access of Role to Object rules can also be created from the Access Role Name rule form.
Typically, an access group contains multiple roles. At run time, the Access of Role to Object rules for all of the user's roles are evaluated. The rule with the most permissive setting takes precedence. For example, if the user's access group has roles A and B, and role A does not have access, but role B has access, then the user has access.
- Rules development
- Managing access roles
An access role rule defines a name for a role, and represents a set of capabilities. To deliver these capabilities to users, you reference the access role name in other rule types to assign the access role to users and to provide, or restrict, access to certain classes.
- Access Manager
Use Access Manager to view and determine what authorization operators have for accessing case types, data, and tools in an application.