Restricting access to operator information in Pega 8.5
Restrict all access to data in the Data-Admin-OperatorID class to only the end user’s data by using an access control policy. You can restrict access to personally identifiable information (PII) for security purposes, such as protection against unauthorized exposure of PII data. Restricting access to only the end users' data increases the security and peace of mind of users who must communicate with clients and customers through public-facing channels.
- In the header of Dev Studio, click .
- In the header of Dev Studio, click Records
- Open the pyRestrictToSelf access control policy condition
rule.
- In the Policy Condition field, select pyRestrictToSelf.
- In the Applies To field, select Data-Admin-Operator-ID.
- Click Save As, then select the application ruleset for which you want to enforce this restriction, and click Create and open.
- On the rule form, click Availability, and then select Available from the list.
- In the header of Dev Studio, click .
- Open the pyDefault access control policy rule.
- In the Policy name field, select pyDefault.
- In the Action field, select Read.
- In the Applies to field, enter Data-Admin-Operator-ID.
- Click Save As, then select the application ruleset for which you want to enforce this restriction, and click Create and open.
- On the rule form, click Availability, and then select Available from the list.
Previous topic Basic requirements for deploying public-facing applications Next topic Restricting access to operator information in public-facing applications in Pega Platform 8.4 and earlier