Security rules and data

Authorization settings for a user include security rules and data instances. These settings determine the class objects that users can access and the rules and operations that they can run on those objects.

The following rule and data types are available in Pega Platform:

  • Access Control Policy rule

    The metadata provided in this policy is used to create the policy condition rules. The policy condition rules define the conditions that attribute-based access control evaluates to grant access to the requested resource.

  • Access Control Policy Condition rule

    Defines a set of conditions and the logic by which the conditions are evaluated to grant access to the requested resource.

  • Access Deny rules

    Restrict user access to instances of specific classes under certain conditions.

  • Access Group data instances

    An access group is associated with a user through the Operator ID data instance. The access group specifies the applications that are available to the user, the user's access roles, portal layout, and work pools.

  • Access Role rules

    An access role rule defines a name for a role, which is used for configuring user authorization settings. Security administrators can also use privilege inheritance to simplify the process of granting operator access to a feature protected by privileges.

  • Access of Role to Object rules

    Relate role names to access rights on objects of specific classes. Access right types include open, update, and delete.

  • Access When rules

    Define a condition that the system evaluates to allow or disallow a user to perform an operation or to access information, based on security requirements.

  • Content Security Policy rules

    A set of directives that tell a client's browser which locations it is allowed to load content from.

  • Cross Origin Resource Sharing data instance

    Controls access for other systems or websites (origins) to resources (APIs and services) provided by your application.

  • Keystore data instance

    Provides a name and storage for a certificate file that contains keystores.

  • OAuth Client data instances

    Your applications can act as an OAuth 1.0 consumer (client). As a result, your application can access private resources stored on external websites, such as LinkedIn, that support the OAuth 1.0 protocol.

  • OAuth 2.0 Client Registration data instance

    A standard framework that enables secure, delegated access to services over HTTPS. OAuth 2.0 is the next evolution of the OAuth protocol.

    Pega Platform acts as an OAuth 2.0 provider to protect your REST services by using the client credentials grant type. The client receives an access token and can access the protected resources for a defined period of time.

  • OAuth 2.0 Identity Mapping data instance

    Specifies how to identify an operator from a SAML 2.0 assertion, a JSON Web Token, or a custom source.

  • OAuth 2.0 Provider data instance

    The application acts as an OAuth 2.0 client to access protected resources that are stored on external websites, such as Twitter and Facebook. Pega Platform supports the client credentials and authorization code grant types.

  • Privilege rules

    Restrict access to specific rules rather than to entire classes or ruleset versions. Privileges differentiate the capabilities of different groups of users and restrict access to certain functions within an application.

  • Property Security rules

    Restrict access to properties by specifying required privileges for a property. Attach a privilege to a property to restrict access to report definitions that reference the property.

  • Token profile data instance

    The JSON Web Token (JWT) data instance contains information about a user that can be used by another party to authenticate the identity of the user between different processes.

  • Web Service Security profile

    Enables Web Services Security (WS-Security) on a SOAP connection to move messages securely to and from your application.