Understanding role permissions and privileges in Access Manager
Privileges complement the security and access control features provided by access roles by restricting access to specific rules rather than to entire classes. A privilege associates an access role with a rule that needs to be secured. Create privileges to more precisely define the access control features that are provided by Access of Role to Object rules. A privilege is identified by its name and Applies to class.
Privilege setup involves two elements that link the rule, access role, and class:
- A rule that requires a privilege before it can be used or accessed.
- Access roles that are evaluated at run time to determine whether the privilege has been granted for a requestor.
At run time, the system compares the set of privileges that are associated with the requestor's access roles with the set of privileges that are required by a rule. If the requestor holds any of the required privileges, the requestor can, for example, run the activity, use the correspondence, or generate the report.
Circumstances and time-based qualifications are not available for privilege rules.