Published Release Notes

More detailed configuration of persona access in App Studio

App Studio now supports more precise configuration of access for personas so that you can improve the security and usability of your application. You can now define what actions a given persona can perform on a case, a data object, or a configuration set. You also save time because you define settings for an entire group of users that a persona represents. For example, you can configure a customer service representative (CSR) persona to view only cases that process insurance claims from VIP customers, without the option to modify the cases. As a result, you ensure that users of your application can interact only with relevant data, in a way that best meets your business needs.

For more information, see:

• Manage access for personas more efficiently in App Studio (8.6)
• Configuring access options for a persona

Decision tables authoring in App Studio

App Studio now supports the option to create decision tables that return values for a calculated field. For example, you can automatically calculate a life insurance rate for a customer by using a decision table that evaluates multiple factors, such as age, medical history, and current occupation. At run time, your application evaluates the values that the customer provides against the values in the decision table, and then responds with the most suitable result. By building decision tables in App Studio, you increase the flexibility of your low-code application and save time and resources, because a single decision table can provide results in multiple scenarios. You can also save and then reuse decision tables to speed up your application development even more.

For more information, see:

• Calculate values automatically in App Studio with decision tables (8.6)
• Calculating values with decision tables
• Authoring decision tables in App Studio

Configuration sets to support no-code run time changes

App Studio now provides the option to create configuration sets that define application behavior, which application administrators can adjust at run time, in a no-code way. For example, you can define a configuration that defines the maximum loan amount to offer a Gold account customer to $10,000. If the bank changes the maximum amount, the application administrator can easily change the loan amount at run time, without performing any design-time actions. Configuration sets minimize the need for custom rule overrides, and help you deliver applications that are convenient to maintain and upgrade.

For more information, see:

• Deliver no-code applications with configuration sets (8.6)
• Creating a configuration set

More specialized data fields

Pega Platform™ now provides more prescriptive and specialized options to reuse data, which replace data relationships. Now, to reuse information across your application, you can create a field that references a case type, a data object, data embedded in a case, or a data page. As a result, you do not need detailed knowledge about how your system stores data to successfully reuse information in your business processes.

For more information, see:

• Creating fields for capturing data
• Embedding data in a case
• Referencing a data page

Deprecated support for Pega Platform deployments on embedded Cassandra

If you use Pega Platform™ decision management capabilities, Pega Platform uses Cassandra as the underlying storage system for the Decision Data Store (DDS), which manages the Cassandra cluster and stores decision management data in a Cassandra database. Future versions of Pega Platform will no longer support deployments on embedded Cassandra. In Pega Platform version 8.6, deployments using embedded Cassandra are deprecated but still work. To ensure future compatibility, do not create any new installations using embedded Cassandra.

For information about how to configure Pega Platform to access an external database, see Defining Pega Platform access to an external Cassandra database.

Enabling security policies now requires current password

As part of Pega’s initiative to protect against malicious attacks, the change password dialog has been enhanced.  When Security Policies have been enabled for your system, new users or those with expired passwords will now be prompted for both their existing password as well as their desired new password.

For more details, review the Designer Studio > System > Settings > Security Policies landing page.

Access Manager portal

Changes to the Access Manager simplify the process of modifying the access rights of features for an application. The changes, including creation of an Access Manager portal, make it easier for non-technical users, such as business architects, to set access rights even if they may not have a deep understanding of Pega 7's security model and class inheritance structure.​

Application Express and the Content Security Policy

Application Express copies (if defined) the Content Security Policy (CSP) name (pyContentSecurityPolicyName) from the built-on application in a new application. It also sets the CSP mode (pyContentSecurityPolicyMode) to report. The values appear in the Content Security area on the application rule's Integration & Security tab.

When checking an application in the DCO Compatibility tool, a warning appears if the CSP name is missing.

Password hashing using SHA-256/SHA-512

Password hashing using the SHA-256 and SHA-512 hash functions is available for use during the the Pega 7 authentication process with operator, ruleset, and update lock passwords. The SHA-256/SHA-512 hash functions join the previously available MD5 and SHA-1 hash functions.

Using SHA-256/SHA-512 hashing when creating or upgrading a password hash results in increased complexity of the hash, making it extremely difficult and time-consuming to determine hashed password values stored in a database.

Note that once you have updated your system to Pega 7.1.7 and have applied password hashing using the SHA-256/SHA-512 hash functions, reverting back to a previous version of Pega 7 is not advised as this causes hashed passwords using SHA-256/SHA-512 to fail.

See About password hashing for more information.

Add custom HTTP response headers in your application

The Pega 7 Platform supports the addition of custom security HTTP headers that are supported by your browser. For example, you can now create custom X-Frame-Options, X-XSS-Protection, and Strict-Transport-Security headers. These headers improve the security of your application against client-based attacks.

For more information, see Creating a custom application header.