

This documentation site is for previous versions. Visit our new documentation site for current releases.
 

Completing the Security tab for Access Deny rules

Updated on June 30, 2021

Best practice: Use Access Manager to deny authorization instead of working directly with the fields in this tab. Access Manager simplifies the process and updates your Access Deny rules.

Select Dev Studio > Org & Security > Access Manager.

For each of the user actions that you want to deny, you can enter a numeric value between 1 and 5, or reference an Access When rule. Access is denied when the Access Control value is greater than or equal to the production level of this system. When an Access When rule is used, the system evaluates the rule and denies access when the result of the Access When rule is True.

If a field contains 0 or is blank, access is permitted (not denied).

Users may need the first six types of access to operate on instances. The last three types are usually needed only by application developers.

The production level of the system is visible on the System form.
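The decision rule described above, modeled in Python as an added example (not Pega code and not part of the original documentation). The sample field values and the Access When name `IsExternalUser` are constructed; the model lists the production levels at which each setting denies access and flags level values that do not deny at a given production level.

```python
FIELDS = (
    "Open Instances", "Modify Instances", "Delete Instances", "Run Reports",
    "Execute Activities", "Open Rules", "Modify Rules", "Delete Rules",
)

# Constructed sample: one Access Deny rule's Security tab values.
# "IsExternalUser" is a hypothetical Access When rule name.
SAMPLE_RULE = {
    "Open Instances": 0,
    "Modify Instances": 3,
    "Delete Instances": 5,
    "Run Reports": "IsExternalUser",
    "Execute Activities": "",
}
SAMPLE_WHEN_RESULTS = {"IsExternalUser": True}  # constructed evaluation results


def is_denied(setting, production_level, when_results=None):
    """True when a field value denies the action at this production level."""
    if setting is None or setting == 0 or setting == "":
        return False  # 0 or blank: access is permitted (not denied)
    if isinstance(setting, int):
        if not 1 <= setting <= 5:
            raise ValueError(f"level must be 1-5, got {setting}")
        return setting >= production_level
    # Anything else is treated as an Access When rule name.
    return bool((when_results or {})[setting])


def deny_matrix(rule, when_results=None):
    """Map each field to the production levels (1-5) at which it denies."""
    return {
        f: [lvl for lvl in range(1, 6) if is_denied(rule.get(f), lvl, when_results)]
        for f in FIELDS
    }


def ineffective_at(rule, production_level):
    """Fields holding a non-zero level value that does not deny at this level."""
    return [f for f in FIELDS
            if isinstance(rule.get(f), int) and rule[f] != 0
            and not is_denied(rule[f], production_level)]


if __name__ == "__main__":
    for field, levels in deny_matrix(SAMPLE_RULE, SAMPLE_WHEN_RESULTS).items():
        print(f"{field:20} denied at production levels {levels}")
    print("No effect at level 5:", ineffective_at(SAMPLE_RULE, 5))
```

In this model a level value of 3 denies only on systems at production level 3 or lower, so a review of deny settings should compare each numeric value against the production level of the target system.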

Field: Description

Open Instances: Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5.

If you enter a name, the system uses the Access Class key part of the rule to open, and class inheritance, to find the Access When rule.

This determines whether holders of the access role identified as the first key part of this rule are denied the ability to open existing instances of the class identified in the second key part of this Access Deny rule.

Modify Instances: Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5.

If you enter a name, the system uses the Access Class key part of the rule to be modified, and class inheritance, to find the Access When rule.

This determines whether holders of the access role identified as the first key part of this rule are denied the ability to save new or modified instances of the class identified as the second key part of this rule.

Delete Instances: Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5.

If you enter a name, the system uses the Access Class key part of the page passed in to the Delete method. This is usually, but not necessarily, the entire page. It is possible to pass to the Delete method a page containing only the keys of the instance to be deleted.

This determines whether holders of the access role identified as the first key part of this rule are denied the ability to delete instances of the class identified as the second key part of this rule.

Run Reports: Optional. This determines whether holders of the access role identified as the first key part of this rule can run reports against the class being reported on or listed.

Enter the When Name key part of an Access When rule, or a level value between 1 and 5.

The message:

You are not authorized to run this view.

indicates that a user lacks the capability provided by this field.

Execute Activities: Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5.

If you enter a name, the system uses the Access Class key part of this Access of Role to Object rule and class inheritance to find the Access When rule.

This determines whether holders of the access role identified as the first key part of this rule are denied the ability to execute activities that belong to the class identified as the second key part of this rule.

Open Rules: Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5.

If you enter a name, the system uses the class of the primary page at runtime to locate an Access When rule.

As a leading practice, create the Access When rule in the Rule- base class. That is, set the Applies To key part of the Access When rule to Rule-.

This determines whether holders of the access role identified as the first key part of this rule are denied the ability to open rules with the class as a key part.

Modify Rules: Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5.

If you enter a name, the system uses the class of the primary page at runtime to locate an Access When rule.

As a leading practice, create the Access When rule in the Rule- base class. That is, set the Applies To key part of the Access When rule to Rule-.

This determines whether holders of the access role are denied the ability to save new or modified rules with the class as a key part.

Delete Rules: Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5.

If you enter a name, the system uses the class of the primary page at runtime to locate an Access When rule.

As a leading practice, create the Access When rule in the Rule- base class. That is, set the Applies To key part of the Access When rule to Rule-.

This determines whether holders of the access role are denied the ability to delete rules with the class as a key part.

About Access Deny rules
