Privileges complement the security and access control features provided by access roles by restricting access to specific rules rather than to entire classes. A privilege associates an access role with a rule that needs to be secured. Create privileges to more precisely define the access control features that are provided by Access of Role to Object rules. A privilege is identified by its name and Applies to class.
Privilege setup involves two elements that link the rule, access role, and class:
- A rule that requires a privilege before it can be used or accessed.
- Access roles that are evaluated at run time to determine whether the privilege has been granted for a requestor.
At run time, the system compares the set of privileges that are associated with the requestor's access roles with the set of privileges that are required by a rule. If the requestor holds any of the required privileges, the requestor can, for example, run the activity, use the correspondence, or generate the report.
Circumstances and time-based qualifications are not available for privilege rules.