Skip to main content

Table of Contents

Understanding Access Deny rules


Only available versions of this content are shown in the dropdown

Access Manager simplifies the process of granting authorization and as a best practice should be used instead of working directly with Access Deny rule forms. In the Pega Platform, select Dev Studio > Org & Security > Access Manager.

Use an Access Deny rule to restrict users who have a specified access role from accessing instances of specific classes under certain conditions. Denial of access to the class can depend on the production level value (1 to 5) of your system or whether certain Access When rules evaluate to true.

Conversely, a value of zero or blank allows access (access is not denied).

By default, all access to a class is denied except when explicitly granted using Access Manager (or editing an Access of Role to Object rule). However, government, or company regulations and policies sometimes require explicit denial of access to specific capabilities. In these cases, use Access Deny rules to explicitly deny access to an access role and class combination.


Use the Application Explorer or Records Explorer to list access deny rules available to you.


Access Deny rules are instances of the Rule-Access-Deny-Obj rule type. They belong to the Security category.

Did you find this content helpful?

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us