Client-based access control

If your application stores data that might be used to identify a person and you are subject to GDPR or similar regulations, use client-based access control (CBAC) to track and process requests to view, change, or remove the data.

Client-based access control helps you satisfy the data privacy requirements of the European Union (EU) General Data Protection Regulation (GDPR) and similar regulations. In Pega Platform, personal data might be stored in the Pega database or related data sets, and is identified by class name and property name. Personal data is associated with an actual person, not with an abstract entity such as a business.

For information about the overall CBAC process, see the Pega Community article Supporting EU GDPR data privacy rights in Pega Infinity with client-based access control.

Data privacy APIs

Requests to get, rectify (update), erase (delete), or limit the usage of personal data are made by using REST APIs. Access requests can be processed synchronously or asynchronously, but rectify and erase requests are processed asynchronously. Access, erase, and rectify requests are handled as cases. When a case that requests data is processed, the client data is decrypted, Base64-encoded, and returned to the client over HTTPS. For requests to rectify or erase, the data is modified or deleted as requested.

The REST APIs that define personal data requests are in the Data Privacy category of the api service package, which is known as the Pega API.

  • Requests to update and delete personal data are one-time requests. They do not prevent the data from being changed or added again in the future.
  • Client data that is temporarily stored on a CBAC case does not persist after the case has been resolved.

  • Defining client-based access control rules

    Client-based access control (CBAC) rules define where personal data is stored and how it can be accessed. These CBAC rules are used by the application server that receives and processes the requests.

  • Attribute-based access control

    You can restrict the ability of a user to view, modify, and delete instances of classes, or properties within classes. Use attribute-based access control (ABAC) to enforce row-level and column-level security in your application.

  • Pega APIs and services

    You can use the Pega APIs to power client and mobile apps by using built-in Pega REST/JSON services. Pega APIs provide an extensive set of APIs to manage and interact with all aspects of your application, such as cases, assignments, and so on. The APIs are secured by user credentials and TLS/SSL. You must switch from App Studio to Dev Studio to configure security for the Pega API, which is the api service package.
