Restricting access to operator information in public-facing applications in Pega Platform 8.4 and earlier

Updated on January 14, 2022

Use an access control policy to restrict access to data in the Data-Admin-Operator-ID class so that end users can read only their own data. Enable this restriction on access to personally identifiable information (PII) for security purposes, such as protection against unauthorized exposure of PII data. Restricting access to only end users' own data increases the security and peace of mind of users who must communicate with clients and customers through public-facing channels.

Before you begin:

Enable this restriction to limit access to PII data for security purposes. It hardens the application against unauthorized exposure of PII data.

If you are using a version of Pega Platform earlier than 8.2, attribute-based access control (ABAC) is disabled by default. To enable this feature, you need to create a dynamic system setting with the following attributes:
  1. In the header of Dev Studio, click Create > SysAdmin > Dynamic System Settings.
  2. In the Short Description field, enter Enable Attribute Based Security.
  3. In the Owning Ruleset field, enter Pega-RulesEngine.
  4. In the Setting purpose field, enter EnableAttributeBasedSecurity.
  5. Click Create and Open.
  6. On the Settings tab, in the Value field, enter True.
If your installation of Pega Platform does not contain the pyRestricttoSelf rule, you can create it yourself in Pega Platform 7.3 and later.
  1. In the header of Dev Studio, click Create > Security > Access Control Policy Condition.
  2. Create an Access Control Policy Condition rule by clicking Create > Security > Access Control Policy Condition, and enter the following information:
    1. In the Identifier field, enter an identifying name.
    2. From the Ruleset list, select the application ruleset in which you want to enforce this restriction.
    3. In the Apply To: field, enter Data-Admin-Operator-ID.
  3. On the Pages & Classes tab, enter the following information:
    1. In the Page Name field, enter OperatorID.
    2. In the Class field, enter Data-Admin-Operator-ID.
  4. Click Definition and then enter the following conditions:
    1. In the Conditional logic section, enter a name for the condition.
    2. In the Policy Conditions section, in the Condition field, enter the same name that you provided in the Conditional logic field.
    3. In the Column source column, select .pyUserIdentifier.
    4. In the Relationship column, select Is equal.
    5. In the Value column, select OperatorID.pyUserIdentifier.
  5. Click Save.
  6. In the header of Dev Studio, click Records > Security > Access Control Policy.
  7. Create an Access Control Policy rule with the following details:
    1. In the Identifier field, enter a name for the rule.
    2. In the Action field, select Read.
    3. In the Ruleset field, enter any rulesets in the application for which you want to enforce this restriction.
    4. In the Applies To field, enter Data-Admin-Operator-ID.
  8. Click Definition, and then, in the Permit access if field, enter the name of the Access Control Policy Condition rule that you created in Step 4.
  9. Save the rule form.