Close popover

Table of Contents

Understanding role permissions and privileges in Access Manager

Version:

Privileges complement the security and access control features provided by access roles by restricting access to specific rules rather than to entire classes. A privilege associates an access role with a rule that needs to be secured. Create privileges to more precisely define the access control features that are provided by Access of Role to Object rules. A privilege is identified by its name and Applies to class.

Privilege setup involves two elements that link the rule, access role, and class:

  • A rule that requires a privilege before it can be used or accessed.
  • Access roles that are evaluated at run time to determine whether the privilege has been granted for a requestor.

At run time, the system compares the set of privileges that are associated with the requestor's access roles with the set of privileges that are required by a rule. If the requestor holds any of the required privileges, the requestor can, for example, run the activity, use the correspondence, or generate the report.

Circumstances and time-based qualifications are not available for privilege rules.

  • Specifying privileges for an Access of Role to Object rule

    To more precisely define access to instances of a class, you update the Access of Role to Object rule to grant or revoke privileges for a role and access class. Specifying privileges is optional.

  • Granting privileges to an access role

    On the Privileges tab of the Access Manager landing page, you can create, review, and modify privileges for users with different roles to access specific objects of a case and data types.

  • Privilege inheritance for access roles

    Privilege inheritance simplifies the process of defining privileges and access settings that are relevant in multiple classes.

  • Property security rules

    Property security rules enable you to restrict operator access to properties by privilege. To view a report that references the secured property, operators must have at least one of the privileges specified on the property security rule.

Suggest Edit

100% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.