More about Privilege rules
|
|
After a privilege is defined, you can associate it with specific rules in nine rule types. One rule type conveys access and eight types restrict access:
In addition, privileges can affect the operation of user forms, including which sections are visible, which buttons are enabled, and which icons are enabled. Privileges can enable the use of file attachments, and access to certain tools and portal facilities.
At run time, the system compares the set of privileges associated with the requestor's access roles with the set of privileges associated with these objects. If the requestor holds any of the required privileges, they can run the activity, use the correspondence, execute the report and so on.
To determine whether a requestor holds a specific privilege, your application can call the standard Boolean function HavePrivilege(), which returns true or false:
@(Pega-RULES:Default).HavePrivilege("tools", privname, privAppliesTo, pagename)
where the second and third parameter identify the two key parts to a Rule-Access-Privilege rule. If you omit a value for the third parameter, the system uses the class of page identified in the optional fourth parameter as the Applies To key part of the privilege rule.
To test your privilege and security setup, you can use the HavePrivilege() function with a report to list all privileges that a user holds. See PDN article How to list all privileges available to a user.
access role, attachment category, privilege, RuleSet list | |
About Access Role Name rules
About Access of Role to Object rules Privilege-Check method |
|
Standard privileges |