Privileges complement the security and access control features provided by access roles by restricting access to specific rules rather than to entire classes. A privilege associates an access role with a rule that needs to be secured. Create privileges to more precisely define the access control features that are provided by Access of Role to Object rules. A privilege is identified by its name and Applies to class.
Privilege setup involves two elements that link the rule, access role, and class:
At run time, the system compares the set of privileges that are associated with the requestor's access roles with the set of privileges that are required by a rule. If the requestor holds any of the required privileges, the requestor can, for example, run the activity, use the correspondence, or generate the report.
Circumstances and time-based qualifications are not available for privilege rules.