Authorization in Pega Platform ensures that after users log in, they have access to only the platform features and data that they need for their work. Pega Platform offers three types of authorization: role-based access control, attribute-based access control, and client-based access control. You can use these authorization features together to provide the strictest level of control.
- Role-based access control
Use role-based access control (RBAC) to restrict users from having access to certain UI elements, to performing only certain actions in the UI, or to having any access to a class, based on defined roles and privileges that are derived from the user’s access group. Access groups define the actions that groups of users can do in an application. For example, you can configure a case manager access group so that case managers can approve important cases that are not permitted for other case workers.
- Attribute-based access control
You can restrict the ability of a user to view, modify, and delete instances of classes, or properties within classes. Use attribute-based access control (ABAC) to enforce row-level and column-level security in your application.
- Client-based access control
If your application stores data that might be used to identify a person and you are subject to GDPR or similar regulations, use client-based access control (CBAC) to track and process requests to view, change, or remove the data.
Authentication in Pega Platform ensures that only users and systems whose identity has been verified can access your applications. Authentication in Pega Platform includes user logins, platform requests to external services, and external service requests to the platform. You can also authenticate by using an external identity provider.
Pega Platform tracks many types of security events such as failed logins and password changes. You can optionally track many other types of security events, as well as changes to rules and data. By tracking these changes, you can understand how your system is functioning and be alerted of any potential problems.
- Security assets and the environment
Beyond authentication, authorization, and auditing, Pega Platform offers many other security features that you can configure, such as encryption, HTTP response headers, and Web Service Security profiles. Use these features to ensure that your system is as secure as possible.
Pega Platform protects against a wide variety of security risks. Use the platform features related to authentication, authorization, and auditing to protect and monitor the use of your application. Pega Platform protects you against adverse security events, whether they be inadvertent or malicious.