An access role is an instance of the Rule-Access-Role-Name rule type. An access role can be assigned to users (or requestors) to influence their access control.
Use an access role name to convey permissions (capabilities) to a user or a group of users. Access roles can be referenced in requestor instances, Operator ID instances, in access group instances, in activities, and in queries. Standard access roles (with names starting with PegaRULES:
) define capabilities for:
At log in, the system assembles a set of roles for a user based on information in a user's requestor instance, Operator ID instance, and the associated access group instance. Access roles associated with a user are empowering, as they grant capabilities.
Access roles influence which classes a user can view, update, delete, and so on through the Access of Role to Object and Access Deny rule types.
Do not confuse access roles with access groups, which affect RuleSet and version visibility. Access groups are data instances (of the Data-Admin-Operator-AccessGroup class), while access roles are rules.
To determine whether the current user holds a role, call the standard Boolean function HaveRole():
Lib(Pega-RULES:Default).HaveRole(this, "rolename").