About Privileges and Roles

The operations you can perform, and the object classes you can perform them on, are determined by the privileges and/or role assignments that have been defined for your user.

The purpose of this chapter is to explain how privileges and roles work, the differences between them, and how you can use them to control which users can perform the various tasks in your applications and processes.

Managing privileges and roles using the Administration Console is described in Process Configuration Users and Roles.

A privilege is a function or action that a user or group can perform, such as editing the content of items or managing lifecycles. There are a set of privilege rules that you can specify in the Administration Console for each privilege that determines which users can perform that function, and under what conditions. For example, the ability to update a design part can be restricted to the user who originally created the design part or any member of the ADMIN group.

A role consists a collection of privileges that can be assigned to a user or group. For example, if you are assigned the role of PRODUCT-MANAGER you can perform all the functions permitted for that role, for example deleting or renaming a product.

The fundamental differences between roles and privileges are:

Related Topics

About Privileges and Roles

Managing Privileges

Managing Roles