Access Role form - Using the Role tab

You can do one of the following actions on the Role tab:

• Clone from – Specify the name of an access role from which to clone a new role.
• Manage dependent roles – Click to add, change, or delete a role or roles from which the access role inherits all the privileges and access rights.
• Inherit privileges within class hierarchy – Select this check box to simplify the process of granting operator access to a feature protected by privileges. At run time, the system searches the class hierarchy for Rule-Access-Role-Obj instances for the current access role.

In the grid, each row represents a Rule-Access-Role-Obj instance that is associated with the role that you opened.

• In the Access Class column, click an access class to display or edit the Rule-Access-Role-Obj instance.
• In the Privileges column, the system lists the privileges associated with the Rule-Access-Role-Obj.
• For each access class, use the other columns to review the privilege settings for these operations: read instances, write instances, delete instances, read rules, write rules, delete rules, execute reports, and execute activities.
• The values in these columns represent the access permissions for each operation:
  • 0 or blank – Use to prohibit access to the operation.
  • 1 – Use for test systems or low-security systems.
  • 5 – Use for production or high-security systems. Use to allow access to all operations in production or high-security systems.

  Each value is compared with the production level of the deployed system. When the Rule-Access-Role-Obj setting is equal to or greater than the system production level, access is permitted.