> For the complete documentation index, see [llms.txt](https://docs.yansalabs.com/okta-orchestrator/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.yansalabs.com/okta-orchestrator/technical-docs/access-provisioning/access-rules.md).

# Access Rules

{% hint style="info" %}
**Access Rules** enable automated access provisioning according to user attributes.
{% endhint %}

Access Rules are useful for automatically granting **Access Entities** to users in a particular department, group, or location, for example. They can be checked and applied periodically to maintain accuracy of access entitlements and ensure your application licenses are optimally allotted.

<figure><img src="/files/0p35tzo6S8MIdOKufjy4" alt=""><figcaption><p>Access Rule</p></figcaption></figure>

* **Type**: Type of check to apply before applying access to users
  * **Simple**: Run a simple filter condition against all users, and grant access to all users that match
  * **Scripted**: For each user, apply the script and return true/false if the access should be granted
* **Brute force mode**: When disabled, all access requests are made via Catalog Items, and include all associated approvals and checks against Okta prior to granting access. When enabled, the Service Catalog and all approvals/checks are bypassed, immediately making the access request to Okta.
* **Run daily for all user**: When enabled, this rule will run daily for all active users in ServiceNow.

{% hint style="info" %}
By default, any **Access Rule** with **Run daily for all users** is assessed once-per-day via the scheduled job *Okta Orchestrator - Run Daily Access Rules*.

If you wish to run **Access Rules** on demand, see the section below to [**Programmatically Apply Access Rules**](#programmatically-applying-access-rules)**.**
{% endhint %}

{% hint style="warning" %}
Using **Run daily for all users** can result in a large computation load on ServiceNow and the Okta instance. If enabled, it is recommended that **Brute force mode** is enabled, and that **Track assignment locally** is enabled for all associated [Access Entities](/okta-orchestrator/technical-docs/access-provisioning/access-entities.md).
{% endhint %}

* **Access entities**: [**Access Entities**](/okta-orchestrator/technical-docs/access-provisioning/access-entities.md) that will be granted/removed by this Access Rule
* **Apply inverse**: If enabled, access will be removed from users who do not match the rule. If disabled, the rule is only able to *grant* access, but not *remove.*

### Programmatically Applying Access Rules

All **Access Rules** can be assessed for a specific user with:

```javascript
var ocHelper = new x_yala_okta_cat.OktaCatalogHelper();
ocHelper.processAccessRules([user sys_id]);
```

A single **Access Rule** can be assessed for a specific user with:

```javascript
var ocHelper = new x_yala_okta_cat.OktaCatalogHelper();
ocHelper.processAccessRule([access rule sys_id],[user sys_id]);
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.yansalabs.com/okta-orchestrator/technical-docs/access-provisioning/access-rules.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.