Understanding Access Deny rules
Access Manager simplifies the process of granting authorization and as a best practice should be used instead of working directly with Access Deny rule forms. In the Pega Platform, select Dev Studio > Org & Security > Access Manager.
Use an Access Deny rule to restrict users who have a specified access role from accessing instances of specific classes under certain conditions. Denial of access to the class can depend on the production level value (1 to 5) of your system or whether certain Access When rules evaluate to true.
Conversely, a value of zero or blank allows access (access is not denied).
By default, all access to a class is denied except when explicitly granted using Access Manager (or editing an Access of Role to Object rule). However, government, or company regulations and policies sometimes require explicit denial of access to specific capabilities. In these cases, use Access Deny rules to explicitly deny access to an access role and class combination.
Use the Application Explorer or Records Explorer to list access deny rules available to you.
Access Deny rules are instances of the Rule-Access-Deny-Obj rule type. They belong to the Security category.
ArticleMore About Access Deny rules