Access Deny form
|
|
Best practice: Use Access Manager to deny authorization instead of working directly with the fields in this tab. Access Manager simplifies the process and updates your Access Deny rules. Select > Org & Security > Access Manager. See Org and Security category - Access Manager landing page for more information.
For each of the user actions that you want to deny, you can enter a numeric value between 1 and 5, or reference an Access When rule. Access is denied when the Access Control value is greater than or equal to the production level of this system. When an Access When rule is used, the system evaluates the rule and denies access when the result of the Access When rule is True
.
If a field contains 0 or is blank, access is permitted (not denied).
Users may need the first six types of access to operate on instances. The last three types are usually needed only by application developers.
The production level of the system is visible on the System form.
Field |
Description |
Access Controls | |
Open Instances |
Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the Access Class key part of this Access of Role to Object rule and class inheritance to find the Access When rule. This determines whether holders of the access role identified as the first key part of this rule are denied the ability to open existing instances of the class identified in the second key part of this Access Deny rule. |
Modify Instances |
Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the Access Class key part of this Access of Role to Object rule and class inheritance to find the Access When rule. This determines whether holders of the access role identified as the first key part of this rule are denied the ability to save new or modified instances of the class identified as the second key part of this rule. |
Delete Instances |
Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the Access Class key part of this Access of Role to Object rule and class inheritance to find the Access When rule. This determines whether holders of the access role identified as the first key part of this rule are denied the ability to delete instances of the class identified as the second key part of this rule. |
Run Reports |
Optional. This determines whether holders of the access role identified as the first key part of this rule can run reports that reference instances of the class identified as the second key part of this rule, including reports using searches performed by list view and summary view rules. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the Access Class key part of this Access of Role to Object rule and class inheritance to find the Access When rule. The message: You are not authorized to run this view. indicates that a user lacks the capability provided by this field. |
Execute Activities |
Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the Access Class key part of this Access of Role to Object rule and class inheritance to find the Access When rule. This determines whether holders of the access role identified as the first key part of this rule are denied the ability to execute activities that belong to the class identified as the second key part of this rule. |
Open Rules |
Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the class of the primary page at runtime to locate an Access When rule.
As a best practice, create the Access When rule in the Rule- base class. That is, set the Applies To key part of the Access When rule to This determines whether holders of the access role identified as the first key part of this rule are denied the ability to open rules with the class as a key part. |
Modify Rules |
Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the class of the primary page at runtime to locate an Access When rule.
As a best practice, create the Access When rule in the Rule- base class. That is, set the Applies To key part of the Access When rule to This determines whether holders of the access role are denied the ability to save new or modified rules with the class as a key part. |
Delete Rules |
Optional. Enter the When Name key part of an Access When rule, or a level value between 1 and 5. If you enter a name, the system uses the class of the primary page at runtime to locate an Access When rule.
As a best practice, create the Access When rule in the Rule- base class. That is, set the Applies To key part of the Access When rule to This determines whether holders of the access role are denied the ability to delete rules with the class as a key part. |