Close popover

Table of Contents

Configuring client-based access control for a non-Pega data source

Version:

By default, client-based access control applies to personal data that is stored in the Pega Platform database. By doing additional configuration, you can also apply client-based access control to non-Pega databases and other data sources.

For client-based access control of personal data that is not stored in the Pega Platform database, you can write activities that access, rectify, and erase the personal data on your external data source.

For information about the overall CBAC process, see the Pega Community article Supporting EU GDPR data privacy rights in Pega Infinity with client-based access control.

  1. Create three activities: one to access, one to rectify, and one to erase data on your external data source. If possible, these activities should return the results in JSON format.

    • For a database, the activity can call one of the RDB methods to operate on a Connect SQL rule.
    • For a data set, the activity can call DataSet-Execute.
    • For a data flow, the activity can call DataFlow-Execute.

    For example, a statement to return the step page in JSON format is similar to the following. After calling this, you remove the step page. tools.sendFile(myStepPage.getJSON(false).getBytes(),"CustomerData.json",false,null,true);

  2. Create a client-based access control rule, or open an existing rule from the navigation panel by clicking Records Security Client Based Access .

  3. Configure your access control rule as described in Configuring a client-based access control rule.

  4. In the Activity name fields, enter the names of the activities that you created in step 1 for Access, Rectify, and Erase.

  5. Click Save.

  • Configuring a client-based access control rule

    Define the personal data properties and personal identifiers for a client-based access control rule (CBAC) so that requests for personal data can be tracked and processed. A CBAC rule defines access, update, and delete permissions for individual data elements.

  • Creating a client-based access control rule

    Create client-based access control (CBAC) rules to identify the personal data and personal identifiers in your Pega Platform application. CBAC rules define how an incoming request finds the personal data in your data store. CBAC rules also define the type of access the client has for each data instance (view, modify, or delete).

  • Configuring a client-based access control rule

    Define the personal data properties and personal identifiers for a client-based access control rule (CBAC) so that requests for personal data can be tracked and processed. A CBAC rule defines access, update, and delete permissions for individual data elements.

  • Keystores

    A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. In Pega Platform, you create a keystore data instance that points to a keystore file.

  • Keystores

    A keystore is a file that contains keys and certificates that you use for encryption, authentication, and serving content over HTTPS. In Pega Platform, you create a keystore data instance that points to a keystore file.

  • About Data Set rules

    Data sets define collections of records, allowing you to set up instances that make use of data abstraction to represent data stored in different sources and formats. Depending on the type selected when creating a new instance, data sets represent Visual Business Director (VBD) data sources, data in database tables or data in decision data stores. Through the data management operations for each data set type, you can read, insert and remove records. Data sets are used on their own through data management operations, as part of combined data

  • Creating a data flow

    Create a data flow to process and move data between data sources. Customize your data flow by adding data flow shapes and by referencing other business rules to do more complex data operations. For example, a simple data flow can move data from a single data set, apply a filter, and save the results in a different data set. More complex data flows can be sourced by other data flows, can apply strategies for data processing, and open a case or trigger an activity as the final outcome of the data flow.

Suggest Edit

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.