More about Privilege rules

You are here: Reference > Rule types > Privileges > More about Privilege rules

More about Privilege rules
About New Roles History More...

Where referenced

After a privilege is defined, you can associate it with specific rules in nine rule types. One rule type conveys access and eight types restrict access:

Access of Role to Object rules — To convey privileges to those users who hold an access role
Activities — To limit execution of the rule to users who hold a privilege
Attachment category rules — To limit operations that can be performed on an attachment
Correspondence — To limit use of the rule to users who hold a privilege
Flows — To limit starting the flow to users who hold a privilege
Flow actions — To limit selection of the action to users who hold a privilege
List view rules — To limit which users can produce the list view report
Parse Structured rules — To limit execution of the rule to users who hold a privilege
Summary view rules — To limit which users can produce the summary view report or chart

In addition, privileges can affect the operation of user forms, including which sections are visible, which buttons are enabled, and which icons are enabled. Privileges can enable the use of file attachments, and access to certain tools and portal facilities.

At runtime, the system compares the set of privileges associated with the requestor's access roles with the set of privileges associated with these objects. If the requestor holds any of the required privileges, they can run the activity, use the correspondence, execute the report and so on.

Testing for a privilege

To determine whether a requestor holds a specific privilege, your application can call the standard Boolean function HavePrivilege(), which returns true or false:

@(Pega-RULES:Default).HavePrivilege("tools", privname, privAppliesTo, pagename)

where the second and third parameter identify the two key parts to a Rule-Access-Privilege rule. If you omit a value for the third parameter, the system uses the class of page identified in the optional fourth parameter as the Applies To key part of the privilege rule.

Determining which privileges a user holds

To test your privilege and security setup, you can use the HavePrivilege() function with a report to list all privileges that a user holds. See PDN article How to list all privileges available to a user.

	access role, attachment, attachment category, privilege, RuleSet list
	About Access Role Name rules About Access of Role to Object rules Privilege-Check method
	Atlas — Standard privileges

About Privilege rules

Open topic with navigation