In this quick tutorial you will learn about application security in Pega 8.
Access control secures applications:
- Application and data security are major concerns due to risk of customer loss, data breaches, and legal and financial penalties.
- You can satisfy common security requirements by controlling the application features and functions users can access.
Attribute- and role-based access control:
In Pega applications, you configure access control security based on user roles using role-based access control (RBAC).
If an application requires further security, you can configure attribute-based access control (ABAC).
- You use ABAC to restrict access to specific instances of classes or to specific properties within instances, independent of an access group role.
- Restrictions are enforced through access control policies that specify the type of access that is allowed (Rule-Access-Policy).
- You define a set of policy conditions that compare user properties or other information on the clipboard to properties in the restricted class. (Rule-Access-PolicyCondition)
- You use RBAC when you want to restrict, by role, whether users can access certain UI elements, perform certain actions in the UI, or have any access to a class.
- You configure RBAC access by defining roles with the desired authorization and privileges. One or more roles are then associated with an access group.
RBAC uses three key rules:
- Roles (Rule-Access-Rolename)
- Access of roles to objects (Rule-Access-Role-Obj)
- Deny rules (Rule-Access-Deny-Obj)
Authentication and authorization:
Access control depends on two factors: authentication and authorization.
- Authentication confirms the identity of a user and verifies that the user is allowed access to an application.
- In Pega, the records for the operator ID, access group, and application allow authentication of a user.
- Authorization determines what data the user can view and what actions the user can perform.
- An access group grants access to specific functionality within your application.
- You can create multiple access groups for the same application to achieve different levels of access control.
- A user can belong to multiple access groups, but only one access group is active at a single time.
- When a user signs in, Pega identifies the default access group and opens the corresponding application in the specified portal.
- An access role categorizes users according to their job function.
- Each access group identifies one or more access roles.
- Each access role represents how a set of users interacts with an application to create and process cases.
Note: When an access group lists more than one role and two or more of those roles conflict over whether to allow or deny an action, Pega applies the most permissive setting across all of the listed roles.
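
A simplified model of the rule in the note above, added here as an illustration; it is not Pega code or Pega's rule format. Each role is reduced to allow/deny per class and action (an assumption), and all role, class and access group names are constructed. It lists every deny in one role that another role in the same access group overrides, which is the thing to review before adding a role to an access group.

```python
# Added illustration: a simplified model, not Pega's rule format or engine.
# Role, class and access group names below are constructed sample data.
from collections import defaultdict

# role -> {(class, action): True (allow) / False (deny)}
ROLES = {
    "Claims:User":    {("Claims-Work", "open"): True, ("Claims-Work", "delete"): False},
    "Claims:Manager": {("Claims-Work", "open"): True, ("Claims-Work", "delete"): True},
    "Claims:Auditor": {("Claims-Work", "open"): True, ("Claims-Data-Payment", "open"): False},
}

# access group -> roles it lists
ACCESS_GROUPS = {
    "Claims:Users":    ["Claims:User"],
    "Claims:Managers": ["Claims:User", "Claims:Manager"],
    "Claims:Auditors": ["Claims:Auditor", "Claims:Manager"],
}


def effective_access(group, access_groups=ACCESS_GROUPS, roles=ROLES):
    """Return ({(class, action): allowed}, [overridden denies]) for one access group."""
    votes = defaultdict(lambda: {"allow": [], "deny": []})
    for role in access_groups[group]:
        for key, allowed in roles[role].items():
            votes[key]["allow" if allowed else "deny"].append(role)

    effective, overridden = {}, []
    for key, v in sorted(votes.items(), key=lambda kv: kv[0]):
        # Most permissive setting wins: one allowing role is enough.
        effective[key] = bool(v["allow"])
        if v["allow"] and v["deny"]:
            overridden.append((key, v["deny"], v["allow"]))
    return effective, overridden


def audit(access_groups=ACCESS_GROUPS, roles=ROLES):
    """Map each access group to the denies that another listed role overrides."""
    report = {}
    for group in access_groups:
        _, overridden = effective_access(group, access_groups, roles)
        if overridden:
            report[group] = overridden
    return report


if __name__ == "__main__":
    for group, findings in audit().items():
        for (cls, action), deniers, allowers in findings:
            print(f"{group}: {action} on {cls} denied by {deniers} but allowed by {allowers}")
```

In this model, adding a role to an access group can only widen what its members may do, so a restriction that must hold regardless of role cannot be expressed by adding a more restrictive role.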