Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Controlling role evaluation for access groups

Updated on July 1, 2021

Typically, when the system determines a user's access rights to a class, it searches Access of Role to Object ( Rule-Access-Role-Obj ) rules for all of the access roles listed in the operator’s access group. Access is granted if any of these access roles permit it. You can, instead, control how many access roles are searched and the order in which they are searched.

The order in which access roles are searched is determined by the order in which they are listed in the operator’s access group. An option on the access group lets you specify that the search process stops as soon as an access role is found with a relevant Access of Role to Object rule that either grants or denies access.
  1. In the header of Dev Studio, click ConfigureOrg & SecurityGroups & RolesAccess Groups.
  2. Click an access group name to open the Access Group rule form.
  3. On the Definition tab, select the Stop access checking once a relevant Access of Role to Object instance explicitly denies or grants access check box.
  • Previous topic Updating access groups by submitting a request to an active instance
  • Next topic Viewing operations available to access role assignees

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us