About Access Role rules
|
|
An access role rule defines a name for a role, and represents a set of capabilities. To deliver the capabilities to users, you reference the access role name in other rule types to assign the access role to users and to provide, or restrict, access to certain classes.
Create access role names using the format application name:role name, where application name is the name of your application and role name is the name of a role that uses the application.
An access role identifies a job position or responsibility defined for an application. For example, an access role can define the capabilities of LoanOfficer or CallCenterSupervisor. The system grants users specified capabilities, such as the capability to modify instances of a certain class, based on the access roles they acquire at sign on.
The Access Role form defines only the existence of a new access role. It contains no other information and conveys no capabilities. Through other rule types, access roles provide users various types of access to classes. They provide a finely tuned differentiation of categories or groupings of users of your application.
Access role names form the first key part of Access of Role to Object rules (Rule-Access-Role-Obj rule type) and Access Deny Obj rules (Rule-Access-Deny-Obj rule type). Access roles are conveyed to users through access groups.
Use the Access Roles landing page tab on the Security landing page ( Designer Studio > Org & Security> Security > Access Roles) to view or modify a list of the access roles in your application.
Use the Records Explorer to list all access roles that are available to you.
Access Role Name rules are instances of the Rule-Access-Role-Name class. They are part of the Security category.