Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Access Control Policy rule

Updated on July 1, 2021

You use access control policies to restrict user actions. In the Access Control Policy form, you define a policy that grants access to an object by evaluating the conditions that you specify. You can set one of four levels of access: read, update, discover, or delete.

For example, an access control policy for a sales automation application might restrict access to a sales account to the user who owns the account or to a user who is included in an exception list of non-owners who have access.

Note: You can create access control policies only for Assign-, Data-, Index- and Work- classes.

Access control policies are enforced everywhere in Pega Platform, not just within the UI, including all reporting rules, search, and custom SQL written by developers.

Rule resolution

Unlike role-based access controls, attribute-based access control policies use the system's full inheritance functionality. Access policy rules can be inherited from multiple classes, in which case the relevant policies are combined and access is allowed only when all such policy conditions are satisfied.

Related articles

Attribute-based access controlUsing security attributes markingsCreating an access control policyExcluding properties with access control policies from search results

Tags

Pega Platform 8.5 Security

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Support Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us