You are here: Reference > Rule types > Access of Role to Objects > Access of Role to Object form - Completing the Privileges tab

Access of Role to Object form
Completing the Privileges tab

  1. About 
  2. New 
  3. Security 
  4. Privileges 
  5. Settings 
  6. History 
  7. More... 

Access Manager simplifies the process of granting authorization and as a best practice should be used instead of working directly with Access of Role to Object rule forms. In the Designer Studio, click Designer Studio > Org & Security > Access Manager.

If you are not using Access Manager, complete this optional array to associate one or more privileges and a production level with this Access of Role to Object rule.

By listing a privilege on the Privileges tab, you grant that privilege to those users (or other requestors) who hold the access role that is the first key part of this rule, as they work with instances of the class that is the second key part, on a system that has a specific production level (or lower). For example, adding the privilege AllFlows to the rule PegaRULES:User9 Data-WorkAttach- grants any user with the role PegaRULES:User9 the privilege to execute all flows on instances in (or derived from) the Data-WorkAttach- class.

When the flow opens a work item, the system checks the work item's class; it executes the flow if the work item inherits from the Applies To class of the privilege. (This assumes the user executing the flow has been granted the privilege.)

When a privilege is added to a rule, it may be checked at runtime against a different class, such as when opening a work item (which inherits from Work-) from a flow. For example, the privilege ActionApprove has been added as a requirement to run rules opened by the flow rule New in the Applies To class ExemplarOrg-FW-ExemplarAppFW-Work

You can enter any number of privileges into this array. Order is not significant.

Field

Description

Privilege

add rowOptional. Identify a privilege. Enter the second key part of a Rule-Access-Privilege rule for which the Applies To key part is the same as the Access Class key part of this rule.

Level

Optional. Identify a production level between 0 and 5.

When you enter a number, at runtime the system compares this level with the production level of the current system (recorded in the system settings instance).

Enter 0 or leave blank to provide no access.

The privilege is granted only if the numeric value here is greater than or equal to the production level value.

About Access of Role to Object rules