Access When rules

An Access When rule defines a test that the system performs to allow, or disallow, a user from performing an operation or accessing information (instances of a specific class) based on security requirements.

The following tabs are available on this form:

  • Conditions
  • Advanced
Important: Don't confuse the Rule-Access-When rule type — referenced only to control user access to a class — with the more widely used Rule-Obj-When rule type. The forms are similar, but the purpose and references are different.

Where referenced

Access When rules are referenced in the Access Manager, Access of Role to Object rules and Access Deny rules. In the Access Manager, use Access When rules to conditionally authorize access by case type to cases (class instances), assignments, flows and flow actions, and to functions on the Tools tab. Use of the Access Manager is recommended instead of directly modifying Access of Role to Object and Access Deny rules.

For a property that has a Type of TextEncrypted, an Access When rule controls when the system decrypts the encrypted value. If your system uses the TextEncrypted type, limit the ability to create, update or delete rules of this type, as such rules can enable access to the decrypted values.


Use the Application Explorer to list Access When rules in your application. Use the Records Explorer to list all the Access When rules that are available to you.


Access When rules are instances of the Rule-Access-When class. They belong to the Security category.