Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Understanding Access When rules

Updated on June 30, 2021

An Access When rule defines a test that the system performs to allow, or disallow, a user from performing an operation or accessing information (instances of a specific class) based on security requirements.

Important: Don't confuse the Rule-Access-When rule type — referenced only to control user access to a class — with the more widely used Rule-Obj-When rule type. The forms are similar, but the purpose and references are different.

Where referenced

Access When rules are referenced in the Access Manager, Access of Role to Object rules and Access Deny rules. In the Access Manager, use Access When rules to conditionally authorize access by case type to cases (class instances), assignments, flows and flow actions, and to functions on the Tools tab. Use of the Access Manager is recommended instead of directly modifying Access of Role to Object and Access Deny rules.

For a property that has a Type of TextEncrypted, an Access When rule controls when the system decrypts the encrypted value. If your system uses the TextEncrypted type, limit the ability to create, update or delete rules of this type, as such rules can enable access to the decrypted values.


Use the Application Explorer to list Access When rules in your application. Use the Records Explorer to list all the Access When rules that are available to you.


Access When rules are instances of the Rule-Access-When class. They belong to the Security category.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us