Published Release Notes

New access control policy for encrypting properties

With attribute-based attribute control, you can now encrypt property values in the database, clipboard, logs, and search indexes for any property type. If no policy obfuscates an encrypted property, its value is visible in UI controls and reports.

For more information, see Creating an access control policy.

New privilege required to access the Search landing page

After upgrading to Pega^® Platform 7.4, users who do not have the pxAccessSearchLP privilege cannot access the Search landing page. The pxAccessSearchLP privilege is automatically assigned to the SysAdm4 role. If you have other roles that require access to the Search landing page, you must add the pxAccessSearchLP privilege to those roles.

For more information about assigning privileges to roles, see User privilege authorization. (Link to: basics/v6portal/landingpages/accessmanager/customizeprivilegestab.htm)

Improve application test coverage by running multiple sessions

You can improve the test coverage of your application by using a new test coverage method - Application Coverage. Multiple users can perform coverage sessions which are aggregated into a single report. By using report metrics that show the number of rules that are covered and are not covered by tests, developers can identify which areas of the application need more test coverage.

For more information, see the Test Coverage landing page.

Support for OAuth 2.0 authorization code grant type

Pega Platform™ now supports the OAuth 2.0 authorization code grant type, which allows Pega Platform to act as an OAuth 2.0 access token provider for native applications on mobile and other devices. By using the authorization code grant type for mobile clients, you no longer need to implement a variety of standards for various authentication providers. The authorization code grant type also supports the Proof Key for Code Exchange standard (PKCE) for securing public clients.

For more information, see Creating and configuring an OAuth 2.0 client registration.

Use client-based access control to support EU GDPR requirements

You can use client-based access control (CBAC) to satisfy the data privacy requirements of the European Union General Data Protection Regulation (GDPR) and similar regulations. By using client-based access control, you can identify the personal data of clients and automatically process requests to view, update, or remove the data in a secure manner. You can also enforce restrictions on the use of this data in application functions.

For more information, see Client-based access control.

Unit testing support for more rule types

You can now create unit tests for the following additional rule types. You can also create assertions to validate activity status. The expanded rule types for unit testing enable developers to more thoroughly perform regression testing of their application, thereby improving application quality.

• Collection
• Declare expression
• Map value
• Report definition

For more information about unit testing rules, see Pega unit test cases.

Upgrade impact

With the four new rule types, unit test execution and unit test compliance metrics will change. Reports on automated unit testing of the customer application decrease due to the increased pool of supported rules.

What steps are required to update the application to be compatible with this change?

After a successful upgrade, create Pega unit test cases for the newly supported rules to see updated and accurate unit test metrics.

View application quality metrics by data type

You can now view application quality metrics by data type on the Application Quality landing page. The new Data Types tab displays metrics for data types grouped by data objects, which enables you to more quickly understand the overall coverage of the application's integrations and interfaces.

For more information about data type metrics, see Application Quality landing page.

Scenario tests are reusable

Existing scenario tests are now reusable in different business scenarios. Before Pega 8.3, you had to create a new test every time a user interface or process flow changed significantly. Now, scenario tests are editable to help you maintain the test stack more effectively.

For more information, see Updating scenario tests.

Java injection vulnerability check

Pega Platform™ now notifies you of Java injection vulnerabilities in activities, functions, and stream rules at design time and at run time.  You can customize Pega Platform to check for additional vulnerabilities to ensure that your application runs without problems.

For more information, see Configuring the Java injection check.

Usability improvements to Admin Studio

Admin Studio offers a variety of usability enhancements, including:

• New access groups to differentiate between full and read-only access to Admin Studio
• A Java class lookup utility
• A requestor list for the logged-on operator
• The ability to display system node type in the logs

Also, if your environment uses Predictive Diagnostic Cloud (PDC), the Admin Studio overview page now includes a link to PDC.

For more information, see Managing requestors.