Configuring an access role
To define a set of permissions within an application, configure an access role.
Before you begin:
You must complete the following task before you can configure an access role:
Creating an access role by using the rule form
-
Create an access role, or open an existing access role by doing one of the following
steps:
- In the navigation panel, click Records > Security > Access Role Name and choose an access role from the instance list.
- In the Dev Studio header, click Configure > Org & Security > Tools > Security > Role Names and double-click a role name.
- Optional:
To copy permissions from an existing access role into your access role, do the
following steps:
Warning: This step removes Access of Role to Object rules that were previously defined for your access role.
- In the Clone from field, press the Down Arrow key and select an access role to copy.
-
Click
Clone.
Result: The Access of Role to Object rules for the Clone from role are copied to your access role (overriding any that you already defined). The new values appear in the Access Class table.
- Optional:
To inherit permissions from existing access roles without copying them, do the
following steps:
- Click Manage dependent roles.
- To add a role dependency, click Add dependent role, press the Down Arrow key, and select an access role.
- To remove a role dependency, click the Delete this row icon.
- Click Submit.
-
To simplify the process of granting operator access to a feature protected by
privileges, select
Inherit privileges within class hierarchy.
When this is selected, at run time, the system searches the class hierarchy for Access of Role to Object instances. For more information, see Privilege inheritance for access roles.
-
To define the permissions that this access role has for various classes, you add,
update, or delete Access of Role to Object rules in the
Access
Class
table. When you click an
Access Class
name or
the
Add a row
icon, a dialog is displayed where you configure the
Access of Role to Object rule.
Standard access roles such as PegaRULES:SysArch4 and PegaRULES:User4 include corresponding standard Access of Role to Object rules, including a rule for @baseclass. Be sure to create a last-resort Access of Role to Object rule at @baseclass so that the class inheritance search always ends successfully.
- For a new Access of Role to Object rule, in the Class field, press the Down Arrow key and select a class.
-
In the listed fields, enter a
production
level
or Access When rule name. At run time, the system evaluates the value
to determine whether access is granted.
For more information about these fields, see Defining permissions by using Access of Role to Object rules
- Optional:
In the
Privileges
table, enter one or more privileges. For
each privilege, enter a
production
level
or Access When rule name.
For more information about assigning privileges, see Specifying privileges for an Access of Role to Object rule
- Optional:
In the
Access
table, enter one or more settings. For each
setting, enter a value.
For more information about assigning settings, see Defining access settings for an Access of Role to Object rule.
- Click Submit.
- Click Save.