An access role is an instance of the Rule-Access-Role-Name class.

Use an access role name to convey permissions (capabilities) to a user or a group of users. Access roles can be referenced in requestor instances, Operator ID instances, in access group instances, in activities, and in queries. Standard access roles (with names starting with PegaRULES:) define capabilities for:

• Guests
• Authenticated users
• Work managers
• Developers

At log in, the system assembles a set of roles for a user based on information in a user's requestor instance, Operator ID instance, and the associated access group instance. Access roles associated with a user are empowering, as they grant capabilities.

Access roles influence which classes a user can view, update, delete, and so on through the Access of Role to Object and Access Deny rule types.

To determine whether the current user holds a role, call the standard Boolean function HaveRole():

Lib(Pega-RULES:Default).HaveRole(this, "rolename").

	privilege, work manager
	About Access Deny rules  About Access Role Name rules About Access of Role to Object rules

Definitions — A