What should be the class of a Privilege rule in Pega?
I have a section on the landing page of a user portal in Data-Portal Class. The section has a Navigation Menu (in Data-Portal Class). Few items of the menu should be visible only to the Admin (Users having the Role Appl:Admin).
I need to refer an Admin Privilege in the Navigation menu properties ('Visible for privilege' field) for the items I need only Admin to access.
I can only refer Privilege rules here that are in the class or below Data-Portal (Data-Portal, Data-, @baseclass).
In which class do I create this Privilege Rule. Is it wise to create it in @baseclass in the Admin Access Role Appl:Admin.
In general how do you choose the class of the Privilege- based on the rule where it is referrred?
I do not have a straight answer for your question. I tried to put my understanding of Privileges here.
When we are using the privileges to control the UI like Navigations and Sections, running Report Definition, the privilege must be present in the hierarchy of the applies to class of the rule. Here we can not control the access by using privilege from other classes.
But to control the execution of few rules like activity, flow action, Summary view, list view, Parse Structured, Corr rules etc; we will have option to give (className, privName) combination explicitly. In this case we can give any class name.
Other important part is to granting the privilege to a user through Access Role Object. For granting privilege on a class (through RARO instance), it must be present in the class hierarchy.
Considering above three combinations, I think creating privilege in the current class or anywhere in the hierarchy will solve all the above three use cases. If we have a privilege created in the system and we want to use the same in scenario like #2 above , we don't need to create new privilege in the class hierarchy, instead we can use the existing one with class & Privilege combination (as long as the access restriction purpose of the created privilege includes current scenario as well).