Back Forward Access of Role to Object rules
Completing the New or Save As form

About Access of Role to Object rules

Create an Access of Role to Object rule by selecting Access of Role to Object from the Security category.

An Access of Role to Object rule has two key parts. Each rule links an access role and a class:

Field

Description

Role Name

Enter an existing access role name.

Access Class

R-10246 Identify an abstract or concrete class that users who hold this access role need to access in some way. Enter the full class name.

To provide uniform access to both a parent class and all its subclasses, enter the parent class name. B-18524 validation

Enter a RuleSet name, for the Export Archive tool use. This RuleSet name does not affect rule resolution processing.

For general information on the New form, see Completing the new rule dialog box. For general information on the Save As form, see How to enter rule keys using Save As.

How the system locates rules at runtime

When searching for an Access of Role to Object rule, the system first looks for an exact match on both key parts — Role Name and Access Class. If none is found, the system uses pattern inheritance and directed inheritance (following the approach used by rule resolution) on the Access Class key part to attempt to locate a rule. Clinic 9/15/09 GENTJ

For standard access roles such as PegaRULES:SysArch4 or PegaRULES:User4, Process Commander includes corresponding standard Access of Role to Object rules, including a rule for @baseclass. If you create access roles, be sure to create a last-resort Access of Role to Object rule at @baseclass for that access role, so that the class inheritance search always ends successfully.

CautionHowever, access of Role to Object rules are not subject to rule resolution on the Role Name field, and affect all users on a system. As a best practice to avoid confusion and difficult-to-debug security configurations, place each Access of Role to Object rule in the same RuleSet as the RuleSet of the Access Class — the second key part.CLINB 1/14/09

Rule resolution

Rule resolution does not apply to Access of Role to Object rules. Your system can contain at most one Access of Role to Object rule for each Applies To class and Role Name combination. Stated another way, you can't override Access or Role to Object rules. B-20022 rejected

Up About Access of Role to Object rules