Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Client-based access control

Updated on July 1, 2021

If your application stores data that might be used to identify a person and you are subject to GDPR or similar regulations, use client-based access control (CBAC) to track and process requests to view, change, or remove the data.

Client-based access control helps you satisfy the data privacy requirements of the European Union (EU) General Data Protection Regulation (GDPR) and similar regulations. In Pega Platform, personal data might be stored in the Pega database or related data sets, and is identified by class name and property name. Personal data is associated with an actual person, not with an abstract entity such as a business.

For information about the overall CBAC process, see the Pega Community article Supporting EU GDPR data privacy rights in Pega Infinity with client-based access control.

Data privacy APIs

A request to get, rectify (update), erase (delete), or limit the usage of personal data is done by using REST APIs. The access request processing can be synchronous or asynchronous, but the processing of rectify and erase will be done asynchronously. Access, erase, and rectify requests are handled as cases. When a case that requests data is processed, the client data is returned to the client in decrypted form by using HTTPS in Base64 encoded format. For requests to rectify or erase, the data is modified or deleted as requested.

The REST APIs that define personal data requests are in the Data Privacy category of the api service package, which is known as the Pega API.

Note:
  • Requests to update and delete personal data are one-time requests. They do not prevent the data from being changed or added again in the future.
  • Client data that is temporarily stored on a CBAC case does not persist after the case has been resolved.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us