Restricting access to operator information in public-facing applications in Pega Platform 8.4 and earlier


Restrict all access to data in the Data-Admin-Operator-ID class to the end user's own record by using an access control policy. Enable this restriction to protect personally identifiable information (PII) and to harden your application against unauthorized exposure of PII data. Restricting access to only the end user's own data increases the security and peace of mind of users who communicate with clients and customers through public-facing channels.

If you are using a version of Pega Platform earlier than 8.2, attribute-based access control (ABAC) is disabled by default. To enable this feature, create a dynamic system setting with the following attributes:
  1. In the header of Dev Studio, click Create > SysAdmin > Dynamic System Settings.
  2. In the Short Description field, enter Enable Attribute Based Security.
  3. In the Owning Ruleset field, enter Pega-RulesEngine.
  4. In the Setting purpose field, enter EnableAttributeBasedSecurity.
  5. Click Create and Open.
  6. On the Settings tab, in the Value field, enter True.

If your installation of Pega Platform does not contain the pyRestricttoSelf rule, you can create it yourself on Pega Platform 7.3 and later.

  1. In the header of Dev Studio, click Create > Security > Access Control Policy Condition.

  2. Create an Access Control Policy Condition rule by clicking Create > Security > Access Control Policy Condition, and enter the following information:

    1. In the Identifier field, enter an identifying name.

    2. From the Ruleset list, select the application ruleset in which you want to enforce this restriction.

    3. In the Apply To field, enter Data-Admin-Operator-ID.

  3. On the Pages & Classes tab, enter the following information:

    1. In the Page Name field, enter OperatorID.

    2. In the Class field, enter Data-Admin-Operator-ID.

  4. Click Definition and then enter the following conditions:

    1. In the Conditional logic section, enter a name for the condition.

    2. In the Policy Conditions section, in the Condition field, enter the same name that you provided in the Conditional logic field.

    3. In the Column source column, select .pyUserIdentifier.

    4. In the Relationship column, select Is equal.

    5. In the Value column, select OperatorID.pyUserIdentifier.

  5. Click Save.

  6. In the header of Dev Studio, click Records > Security > Access Control Policy.

  7. Create an Access Control Policy rule with the following details:

    1. In the Identifier field, enter a name for the rule.

    2. In the Action field, select Read.

    3. In the Ruleset field, enter any rulesets in the application for which you want to enforce this restriction.

    4. In the Applies To field, enter Data-Admin-Operator-ID.

  8. Click Definition, and then, in the Permit access if field, enter the name of the Access Control Policy Condition rule that you created in Step 4.

  9. Save the rule form.
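The following is an added, illustrative model of what the Read policy configured above does at the data layer; it is not Pega Platform's own engine. The operator records, the requester's OperatorID page and the dynamic system setting value are constructed sample data; the property names mirror the rule form (pyUserIdentifier on the record column and on the OperatorID page).

```python
# Constructed sample rows of Data-Admin-Operator-ID (not real operator data).
OPERATORS = [
    {"pyUserIdentifier": "alice@example.com", "pyUserName": "Alice"},
    {"pyUserIdentifier": "bob@example.com", "pyUserName": "Bob"},
    {"pyUserIdentifier": "carol@example.com", "pyUserName": "Carol"},
]

# Constructed dynamic system settings; the page's step 6 stores the value "True"
# as a string, so the check must be tolerant of case and whitespace.
DSS = {"EnableAttributeBasedSecurity": "True"}


def abac_enabled(settings):
    """True only when the EnableAttributeBasedSecurity setting is set to True."""
    return settings.get("EnableAttributeBasedSecurity", "").strip().lower() == "true"


def restrict_to_self(record, operator_page):
    """Policy condition from the Definition tab:
    .pyUserIdentifier (column of the row being read)
    Is equal OperatorID.pyUserIdentifier (property on the requester's page)."""
    return record.get("pyUserIdentifier") == operator_page.get("pyUserIdentifier")


def read_operators(records, operator_page, settings=DSS):
    """Apply the Read access control policy to a list query.
    With ABAC disabled the policy is never evaluated and every row is visible,
    which is the weak state the dynamic system setting fixes."""
    if not abac_enabled(settings):
        return list(records)
    return [r for r in records if restrict_to_self(r, operator_page)]


def lookup_operator(records, identifier, operator_page, settings=DSS):
    """A direct read of a specific operator; under the policy, another user's
    record is simply not returned rather than raising an error."""
    for r in read_operators(records, operator_page, settings):
        if r["pyUserIdentifier"] == identifier:
            return r
    return None
```
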
