Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Understanding Access Deny rules

Updated on June 30, 2021

Access Manager simplifies the process of granting authorization and as a best practice should be used instead of working directly with Access Deny rule forms. In the Pega Platform, select Dev Studio > Org & Security > Access Manager.

Use an Access Deny rule to restrict users who have a specified access role from accessing instances of specific classes under certain conditions. Denial of access to the class can depend on the production level value (1 to 5) of your system or whether certain Access When rules evaluate to true.

Conversely, a value of zero or blank allows access (access is not denied).

By default, all access to a class is denied except when explicitly granted using Access Manager (or editing an Access of Role to Object rule). However, government, or company regulations and policies sometimes require explicit denial of access to specific capabilities. In these cases, use Access Deny rules to explicitly deny access to an access role and class combination.


Use the Application Explorer or Records Explorer to list access deny rules available to you.


Access Deny rules are instances of the Rule-Access-Deny-Obj rule type. They belong to the Security category.

  • Previous topic Standard Access of Role to Object rules
  • Next topic Completing the New or Save As form for Access Deny rules

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us