About Access of Role to Object rules
Access of Role to Object form
|
|
Use Access Manager to grant authorization instead of working directly with the fields in this tab. Access Manager simplifies the process and updates your Access of Role to Object rules. In Access Manager, when you modify the access level, the system updates this form, or creates a new form with the changes.
| Access Manager change | Access of Role to Object form change |
| Full access | Access Control level to instances of the case type is set to 5. |
| No access | Access Control level to instances of the case type is set to 0. |
| Conditional access | The specified Access-When rule is entered in the Access Control field; the condition must be met in order to perform the operation on instances of the case type. |
In Designer Studio, click Designer Studio > Org & Security > Access Manager. See Access Manager — Authorizing Work & Process items for more information.
If you choose to edit this form directly instead of using Access Manager: For each of the categories, you can enter an Access When rule name, or a numeric value between 0 and 5.
Enter 0 or leave blank to prohibit all access. Enter a value between 1 and 5 to provide access. If, at runtime, the production level of your Pega 7 Platform system is not greater than the numeric value, then users with the specified access role can perform the operation on objects in the access class. If an Access When rule evaluates to True at runtime, the users with the specified access role can perform the operation.
For example, assume the key to this instance in the Purchasing application is Purchasing:Supervisor.Data-Customer, the production level of the system is 3, and the value in the Open Instances is 4. Users with the Supervisor role can open instances of the Data-Customer class.
If the same Access of Role to Object rule instance is present on a system with a production level of 5, a user with the Supervisor role cannot open instances of the Data-Customer class.
The first four categories are needed to operate on instances. Execute Activities controls access to running activities in this class. The Open, Modify, and Delete Rules settings are usually needed only by application developers.
The production level of the system is shown on the System form.
Field |
Description |
| Open Instances |
Optional. This determines whether holders of the access role identified as the first key part of this rule can open instances of the class identified as the Access Class key part of the rule to open. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the Access Class key part of the rule to open, and class inheritance, to find the Access When rule. |
| Modify Instances |
Optional. This determines whether holders of the access role identified as the first key part of this rule can save new or modified instances of the class identified as the second key part of the rule to be saved. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the Access Class key part of the rule to be saved, and class inheritance, to find the Access When rule. |
| Delete Instances |
Optional. This determines whether holders of the access role identified as the first key part of this rule can delete instances of the class identified as the second key part of the rule to be deleted. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the Access Class key part of the page passed in to the Delete method. This is usually, but not necessarily, the entire page. It is possible to pass to the Delete method a page containing only the keys of the instance to be deleted. |
| Run Reports |
Optional. This determines whether holders of the access role identified as the first key part of this rule can run reports against the class being reported on or listed. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. The message: You are not authorized to run this view. indicates that a user lacks the capability provided by this field. |
| Execute Activities |
Optional. This determines whether holders of the access role identified as the first key part of this rule can execute activities with an applies to class identified as the second key part of this rule. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the class of the primary page at runtime to locate an Access When rule. |
| Open Rules |
Optional. This determines whether holders of the access role identified as the first key part of this rule can open rules with the class as a key part. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the class of the primary page at runtime to locate an Access When rule. As a best practice, create the Access When rule in the Rule- base class. |
| Modify Rules |
Optional. This determines whether holders of the access role can save new or modified rules with the class as a key part. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the class of the primary page at runtime to locate an Access When rule. As a best practice, create the Access When rule in the Rule- base class. |
| Delete Rules |
Optional. This determines whether holders of the access role can delete rules with the class as a key part. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the class of the primary page at runtime to locate an Access When rule. As a best practice, create the Access When rule in the Rule- base class. |