You must create or modify an access role obj rule when:

• You have created new classes in your application and need to specify role access for them. Generally, if you are copying a class from the application ruleset to your ruleset rather than creating a new class, the access provided with the application classes will be inherited by your copied classes.
• You have created a new role and need to specify class access for it.
• You have created a new privilege and need to associate it with a particular class and role combination.
• You have created an access setting rule (of type Rule-Access-Setting) and want to add it to a given class and role combination.

Before creating an access role obj rule, you should understand how production levels relate to access control and privileges. These are described in the following sections. For complete information on access role obj rules, see the Pega 8 — Administration and Security section of the Community and the online Help.

The following shows an example of an access role obj rule for the class @PegaSI-Work- and the role PegaSI:User2. Each access role obj rule represents a class/role combination. The class and role make up the rule’s name. For example, PegaSI:User2@PegaSI-Work- is the rule name.