Skip to main content


Understanding Access Deny rules

Suggest edit Updated on June 30, 2021

Access Manager simplifies the process of granting authorization and as a best practice should be used instead of working directly with Access Deny rule forms. In the Pega Platform, select Dev Studio > Org & Security > Access Manager.

Use an Access Deny rule to restrict users who have a specified access role from accessing instances of specific classes under certain conditions. Denial of access to the class can depend on the production level value (1 to 5) of your system or whether certain Access When rules evaluate to true.

Conversely, a value of zero or blank allows access (access is not denied).

By default, all access to a class is denied except when explicitly granted using Access Manager (or editing an Access of Role to Object rule). However, government, or company regulations and policies sometimes require explicit denial of access to specific capabilities. In these cases, use Access Deny rules to explicitly deny access to an access role and class combination.


Use the Application Explorer or Records Explorer to list access deny rules available to you.


Access Deny rules are instances of the Rule-Access-Deny-Obj rule type. They belong to the Security category.

Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us