You are here: Reference > Rule types > Access of Role to Objects > Access of Role to Object rules- Completing the New or Save As.. form

Access of Role to Object rules
Completing the Create or Save As form

  1. About 
  2. New 
  3. Security 
  4. Privileges 
  5. Settings 
  6. History 
  7. More... 

Records can be created in various ways. You can add a new record to your application or copy an existing one. You can specialize existing rules by creating a copy in a specific ruleset, against a different class or (in some cases) with a set of circumstance definitions. You can copy data instances but they do not support specialization because they are not versioned.

Based on your use case, you use the Create, Save As, or Specialization form to create the record. The number of fields and available options varies by record type. Start by familiarizing yourself with the generic layout of these forms and their common fields:

This information identifies the key parts and options that apply to the record type that you are creating.

Create an Access of Role to Object rule by selecting Access of Role to Object from the Security category.

Key parts:

An Access of Role to Object rule has two key parts.

Field

Description

Role Name

Enter an existing access role name.

Access Class

Identify an abstract or concrete class that users who hold this access role need to access in some way. Enter the full class name.

To provide uniform access to both a parent class and all its subclasses, enter the parent class name.

Enter a RuleSet name, for the Export Archive tool use. This RuleSet name does not affect rule resolution processing.

Access of Role to Object rules

For standard access roles such as PegaRULES:SysArch4 or PegaRULES:User4, the Pega Platform includes corresponding standard Access of Role to Object rules, including a rule for @baseclass. If you create access roles, be sure to create a last-resort Access of Role to Object rule at @baseclass for that access role, so that the class inheritance search always ends successfully.

Rule resolution

Rule resolution does not apply to Access of Role to Object rules. Your system can contain at most one Access of Role to Object rule for each Applies To class and Role Name combination. Circumstanced versions are not supported by Access of Role to Object rules.

As a best practice to avoid confusion and difficult-to-debug security configurations, place each Access of Role to Object rule in the same RuleSet as the RuleSet of the Access Class — the second key part.

When searching for an Access of Role to Object rule, the system first looks for an exact match on both key parts — Role Name and Access Class. If none is found, the system uses pattern inheritance and directed inheritance (following the approach used by rule resolution) on the Access Class key part to attempt to locate a rule.