Privileges complement the security and access control features provided by access roles by restricting access to specific rules rather than to entire classes. A privilege associates an access role with a rule that needs to be secured. Create privileges to more precisely define the access control features that are provided by Access of Role to Object rules. A privilege is identified by its name and Applies to class.

Privilege setup involves two elements that link the rule, access role, and class:

  • A rule that requires a privilege before it can be used or accessed.
  • Access roles that are evaluated at run time to determine whether the privilege has been granted for a requestor.

At run time, the system compares the set of privileges that are associated with the requestor's access roles with the set of privileges that are required by a rule. If the requestor holds any of the required privileges, the requestor can, for example, run the activity, use the correspondence, or generate the report.

Circumstances and time-based qualifications are not available for privilege rules.