
Implementing the security model


Security planning involves defining authentication and authorization strategies for your application:

Authentication
Validates your identity.
Authorization
Determines the work objects you can access and the application functions you can perform.

For information about defining authentication and authorization strategies for your application, see the following topics:

Authentication schemes

The Pega Platform offers the following authentication types:

PRBasic
Based on passwords in the Operator ID data instances and the login form. This is defined by the HTML @baseclass.Web-Login rule, which your application can override.
PRSecuredBasic
Similar to PRBasic, but passes credentials by using Secure Sockets Layer (SSL) with Basic HTTP authentication. The login form is defined by the HTML @baseclass.Web-Login-SecuredBasic rule, which your application can override.
PRCustom
Supports access to an external LDAP directory or a custom authentication scheme.
PRExtAssign
Supports external assignments (Directed Web Access).
J2EEContext
Specifies that the application server in which the Pega Platform is deployed uses JAAS to authenticate users.

Implementing your authentication scheme

Your site can use a centralized, automated means of maintaining operator data instead of maintaining it manually in your application.

  1. Discuss the authentication schemes with your site's security and application server teams.

  2. Determine the appropriate authentication type.

    For more information on authentication scheme planning, see Authentication.

Authorization model

The security authorization model determines user access privileges and work object permissions for the Pega Sales Automation application. Your security authorization model is based on the operator ID privileges and territory permissions structure that you define for your sales team. Access to portals and work objects in the application is determined by operator ID privileges. The ability to read, update, and create specific work objects is determined by the territory to which the work objects belong.

For more information about configuring territories and operators, see Set up your sales team structure.

Work object permissions

The application access privileges and territory permissions that you assign to operators in Pega Sales Automation determine how a user can interact with the work objects in the application.

  • Operator privileges (role-based) give the user access to particular types of work objects in the application.
  • Read, update, and create permissions for work objects are controlled by the territory that owns the work object.

For example, an operator with a Sales Representative role has access to opportunity work objects; however, to update an opportunity in the Northwest territory, you must grant the operator permission to update opportunity work objects in that territory.

  • You can grant different levels of access to work objects within the same territory. For example, you can give a new operator read, update, and create access for lead and opportunity work objects in the Northwest territory, but only read access to organization objects in the same territory.
  • A primary territory is defined and used as the default when new work objects are created. The owner of a work object has full access to the work object, regardless of territory access.
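The decision logic described in this section, modeled as an added Python example (not Pega Platform code or rules). The role name, work object types, operator IDs, and the order of the checks are assumptions made for illustration; the sample operator mirrors the Northwest example above.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: role and work object type names are illustrative.
ROLE_PRIVILEGES = {"SalesRep": {"lead", "opportunity", "organization"}}

@dataclass
class Operator:
    operator_id: str
    role: str
    primary_territory: str
    # (territory, work object type) -> set of granted actions
    grants: dict = field(default_factory=dict)

@dataclass
class WorkObject:
    obj_type: str
    territory: str
    owner_id: Optional[str]

def is_allowed(op, obj, action):
    """Deny by default; the evaluation order is an assumption of this model."""
    if action not in {"read", "update", "create"}:
        return False
    # 1. Role-based privilege: can the operator work with this type at all?
    if obj.obj_type not in ROLE_PRIVILEGES.get(op.role, set()):
        return False
    # 2. The owner has full access, regardless of territory access.
    if obj.owner_id is not None and obj.owner_id == op.operator_id:
        return True
    # 3. Otherwise the owning territory must grant the action for this type.
    return action in op.grants.get((obj.territory, obj.obj_type), set())

def create_work_object(op, obj_type, territory=None):
    """New work objects default to the operator's primary territory."""
    target = territory or op.primary_territory
    candidate = WorkObject(obj_type, target, owner_id=None)  # no owner yet
    if not is_allowed(op, candidate, "create"):
        raise PermissionError(f"{op.operator_id}: create {obj_type} in {target} denied")
    candidate.owner_id = op.operator_id
    return candidate

# New operator: full access to leads and opportunities, read-only organizations.
new_rep = Operator("rep1", "SalesRep", "Northwest", {
    ("Northwest", "lead"): {"read", "update", "create"},
    ("Northwest", "opportunity"): {"read", "update", "create"},
    ("Northwest", "organization"): {"read"},
})
```

The model makes two review points visible: a missing territory grant denies access even when the role covers the work object type, and ownership is the one path that bypasses the territory check.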

For more information, see Setting up persona-based access rights to the User portal navigation pane and Configuring permission access templates.

Attribute-based access control (ABAC)

Attribute-based access control (ABAC) controls row-level or column-level security through security policy rules available as part of the Pega Platform's ABAC feature.

For more information, see Attribute-based access control and Upgrading Pega Sales Automation to use attribute-based access control (ABAC).

Client-based access control (CBAC)

Implementing client-based access control (CBAC) helps you satisfy the data privacy requirements of the European Union (EU) General Data Protection Regulation (GDPR) and similar regulations.

For more information about GDPR and CBAC, see Supporting EU GDPR data privacy rights in Pega Infinity with client-based access control.

For more information about configuring CBAC in Pega Sales Automation, see the CBAC section in the Pega Sales Automation Release Notes on the Pega Sales Automation product page.
