Defining permissions by using Access of Role to Object rules
Use the Access of Role to Object rule form to define the permissions that an access role has for a class.
When you define an Access of Role to Object rule, you define access controls for various core functions by role and access class. You can define access controls by using either Access Manager or the Access of Role to Object rule form. The rule form enables somewhat more precise control when entering production levels. For more information about Access Manager, see Access Manager landing page.
You specify access controls by entering either a production level or an Access When rule name. At run time, the system evaluates the value to determine whether access is granted.
- If you enter a When rule name, the system uses the access class and class inheritance to find the Access When rule, and then evaluates the When rule to see if access is granted.
- If you enter a production level, the system compares this level with the production level of the current system. The privilege is granted only if the access control's production level is greater than or equal to the system's production level. Enter 0 to provide no access. Enter 5 to allow access to all systems. When privilege inheritance and role dependency are in effect, a value of blank is undefined (neither true nor false); otherwise, a value of blank indicates no access. For more information on privilege inheritance and role dependency, see Privilege inheritance for access roles and Configuring an access role.