Security attributes markings
Attributes are unique security markings, which are assigned to objects and operators. Each attribute has a value associated with it, which means that a user must possess an attribute value to access an object.
Attribute types suggest how to compare the attribute values between the user and the object that the user is requesting access to, and to determine whether to grant access to the object.
These main data types represent an attribute value in the Pega Platform :
- Single string value – A simple string equality comparison is made to determine if the subject has access to the object.
- A list of string values – A multivalue data type represented by a comma-separated noun string with no spaces. The subject must have either all of the object's attribute values (All Of) or one of the attribute values (One Of).
- Numeric value – This attribute type is internally represented by an integer. A simple numeric comparison is made to determine if the subject has access to the object.
You can see the attributes that are assigned to a case on the pyWorkPage in the clipboard.
You can create attributes on data pages or work objects by adding special properties to them. These properties can then be referenced by the ABAC engine to enforce security policies.
- Attribute-based access control
You can restrict the ability of a user to view, modify, and delete instances of classes, or properties within classes. Use attribute-based access control (ABAC) to enforce row-level and column-level security in your application.
- Creating an access control policy
In the access control policy rule form, you define a policy that grants access to an object by evaluating selected conditions. For each rule, you can set one level of access, such as read, update, or delete, and the condition that defines whether the access is granted.
- Creating an access control policy condition
You can define a set of conditions and comparison logic to be evaluated to grant access to an object.