Restricting access to operator information in public-facing applications in Pega Platform 8.4 and earlier
Restrict all access to data in the Data-Admin-OperatorID class to only the end user’s data by using an access control policy. Enable this access to personally identifiable information (PII) for security purposes, such as protection against unauthorized exposure of PII data. Restricting access to only end users' data increases the security and peace of mind of users who must communicate with clients and customers through public-facing channels.
Before you begin:
enable this to restrict access to PII data for security purposes. It provides for hardening their application against unauthorized exposure of PII data.
If you are using a version of Pega Platform earlier than 8.2, attribute-based access control (ABAC) is disabled by default. To enable this feature, you need to create a dynamic system setting with the following attributes:- In the header of Dev Studio, click .
- In the Short Description field, enter Enable Attribute BasedSecurity.
- In the Owning Ruleset field, enter Pega-RulesEngine.
- In the Setting purpose field, enter EnableAttributeBasedSecurity.
- Click Create and Open.
- On the Settings tab, in the Value field, enter True.
- In the header of Dev Studio, click .
-
Create an Access Control Policy Condition rule by clicking
, and enter the following information:
- In the Identifier field, enter an identifying name.
- From the Ruleset list, select the application ruleset in which you want to enforce this restriction.
- In the Apply To: field, enter Data-Admin-Operator-ID.
-
On the Pages & Classes tab, enter the following
information:
- In the Page Name field, enter OperatorID.
- In the Class field, enter Data-Admin-Operator-ID.
-
Click Definition and then enter the following
conditions:
- In the Conditional logic section, enter a name for the condition.
- In the Policy Conditions section, in the Condition field, enter the same name that you provided in the Conditional logic field.
- In the Column source column, select .pyUserIdentifer.
- In the Relationship column, select Is equal.
- In the Value column, select OperatorID.pyUserIdentifer.
- Click Save.
- In the header of Dev Studio, click .
-
Create an Access Control Policy rule with the following details:
- In the Identifier field, enter a name for the rule.
- In the Action field, select Read.
- In the Ruleset field, enter any rulesets in the application for which you want to enforce this restriction.
- In the Applies To field, enter Data-Admin-Operator-ID.
- Click Definition, and then enter the name of the Access Control Policy condition rule that you create in Step 4 to the Permit access if field.
- Save the rule form.