Access Role form - Using the Role tab

To view Access of Role to Object ( Rule-Access-Role-Obj ) rules for an access role and to enable privilege inheritance, use the Role tab.

You can do one of the following actions on the Role tab:

  • Clone from – Specify the name of an access role from which to clone a new role.
  • Manage dependent roles – Click to add, change, or delete a role or roles from which the access role inherits all the privileges and access rights.
  • Inherit privileges within class hierarchy – Select this check box to simplify the process of granting operator access to a feature protected by privileges. At run time, the system searches the class hierarchy for Rule-Access-Role-Obj instances for the current access role.

In the grid, each row represents a Rule-Access-Role-Obj instance that is associated with the role that you opened.

  • In the Access Class column, click an access class to display or edit the Rule-Access-Role-Obj instance.
  • In the Privileges column, the system lists the privileges associated with the Rule-Access-Role-Obj.
  • For each access class, use the other columns to review the privilege settings for these operations: read instances, write instances, delete instances, read rules, write rules, delete rules, execute reports, and execute activities.
  • The values in these columns represent the access permissions for each operation:
    • 0 or blank – Use to prohibit access to the operation.
    • 1 – Use for test systems or low-security systems.
    • 5 – Use for production or high-security systems. Use to allow access to all operations in production or high-security systems.

    Each value is compared with the production level of the deployed system. When the Rule-Access-Role-Obj setting is equal to or greater than the system production level, access is permitted.