More about
Privilege rules
|
|
After a privilege is defined, you can associate it with specific rules in eight rule types. One type conveys access and seven types restrict access:
In addition, privileges can affect the operation of work object forms, including which sections are visible, which buttons are enabled, and which icons are enabled. Privileges can enable the use of file attachments, and access to certain tools and portal facilities.
At runtime, the system compares the set of privileges associated with the requestor's access roles with the set of privileges associated with these objects. If the requestor holds any of the required privileges, they can run the activity, use the correspondence, execute the report and so on.
To determine whether a requestor holds a specific privilege, your application can call the standard Boolean function HavePrivilege(), which returns true or false:
@(Pega-RULES:Default).HavePrivilege("tools", privname, privAppliesTo, pagename)
where the second and third parameter identify the two key parts to a Rule-Access-Privilege rule. If you omit a value for the third parameter, the system uses the class of page identified in the optional fourth parameter as the Applies To key part of the privilege rule.
To test your privilege and security setup, you can use the
HavePrivilege() function with a report to list all
privileges that a user holds. See Pega Developer Network
article 
PRKB-24071 How to list all privileges
available to a user.
|
access role, attachment, attachment category, privilege, RuleSet list |
|
About
Access Role Name rules
About Access of Role to Object rules Privilege-Check method |
|
Atlas — Standard privileges |