The Pega Platform offers rules that configure data access control based the values of attributes contained in a transaction. The Attribute-Based Access Control (ABAC) security feature can be used to mask sensitive data such as Tax ID, security question and answers so that only authorized operators can view.

You can restrict the ability of a user to view, modify, and delete instances of classes, or properties within classes. Use attribute-based access control (ABAC) to enforce row-level and column-level security in your application.

Access restrictions are enforced by defining access control policies. Conditions used in access control policies compare attributes in class instances to other information (typically, information about user’s identity, organizational reporting relationships, or other security credentials that might be case-specific).

Two rule types (Access Control Policy and Access Control Policy Condition) are used to define policies for different types of actions (Read, Update, Delete, Discover, PropertyRead, PropertyEncrypt). The rule types compare property values in class instances to clipboard property values.

See Attribute-based access control in the online help for more information.