Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

More About Access Deny rules

Updated on March 15, 2022

Learn about when access deny rules take effect and see an example.

When effective

After you save an Access Deny form, active requestor sessions on the current node that are associated with that rule are immediately updated. Requestors at other nodes in a cluster are updated when the next system pulse occurs on their node.

Example

Assume an application includes classes named Data-Refund-Basic, Data-Refund-Silver, and Data-Refund-Gold, all derived from the Data-Refund- abstract class, and two access roles named Refund:Worker and Refund:Super.

You want both types of users to be able to work on all three classes, except that users with the Refund:Worker role may not delete Data-Refund-Gold data instances.

You can accomplish this with three rules:

Rule typeKey classAccess roleDescription
Access of Role to ObjectData-Refund-Refund:WorkerGrant full access to all three classes.
Access of Role to ObjectData-Refund-Refund:SuperGrant full access to all three classes.
Access Deny Data-Refund-GoldRefund:WorkerDeny Delete access to this class for workers; no change for others.

You can achieve the same results without any Access Deny rules, by granting needed Data-Refund-Gold access capabilities one-by-one. However, using one Access Deny rule in this situation is simpler and easier to understand and maintain.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us