Published Release Notes

Improving basic access control

Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.

For more information, see Access Control Checks.

Upgrade impact

After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls  by using registration or encryption mechanisms.

What steps are required to update the application to be compatible with this change?

After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.

Addition of Data Access Tab to access control policy condition rules

You can now select associations and declarative index classes when creating access control policy condition rules. The Column source field in the policy condition can now accept properties from available associations and indexes. For ease of reference, the selected associations and indexes are available on the new Data Access tab. 

Using the new tab, you can build complex authorization models in which access restrictions for a class depend on the attributes present in the associated and indexed classes, along with the attributes in the current class. For example, a project management application can now separately maintain project lists for each operator and use that information to restrict read/write access to unique projects.

The information available on the new Data Access tab reflects rule form changes, which are similar to the existing functionality of the Report Definition in the Application Data Model. 

For more information, see Creating an access control policy condition.

Use client-based access control to support EU GDPR requirements

You can use client-based access control (CBAC) to satisfy the data privacy requirements of the European Union General Data Protection Regulation (GDPR) and similar regulations. By using client-based access control, you can identify the personal data of clients and automatically process requests to view, update, or remove the data in a secure manner. You can also enforce restrictions on the use of this data in application functions.

For more information, see Client-based access control.

Improved UI accessibility

Pega Platform™ now supports W3C Web Accessibility Initiative guidelines more fully, which creates a better user experience for people who rely on assistive technologies, such as screen readers.

The user interface now features the following enhancements:

• Improved keyboard navigation and updated ARIA attributes for layouts, including dynamic, repeating, and table layouts.
• Updated navigation for AJAX and dynamic containers.
• More precise keyboard navigation and focus control for pop-up components, such as SmartTips.
• Fixed accessibility gaps in out-of-the-box actionable controls and form components, such as buttons and text fields.
• More accessible error messages with improved color schemes and focus control. To meet the WCAG ARIA guidelines, the Show next Error bar has been retired and substituted with more accessible error symbols.
• Accessibility code included in the Pega Platform ruleset by default, without the need for additional configuration.

For more information, see Supported keyboard navigation.

Accessibility Inspector identifies accessibility issues in real time

The new Accessibility Inspector finds accessibility issues in your application and helps you to quickly fix these issues. Accessible applications accommodate a range of users with varying degrees of visual ability and might be required by regulation. The Accessibility Inspector, which you open from the run-time toolbar, is displayed on the right side of the page and highlights content, structure, compatibility, and interaction issues. You can click through an accessibility warning to open the affected element and fix the issue. For more information, see Finding accessibility issues in Pega applications with the Accessibility Inspector.

Enabling access to upgraded help

After upgrading to Pega Platform ™ 8.1, the default URL to the upgraded help files might be incorrect. To enable access to the latest help files, reset the URL:

1. In the header of Dev Studio, click Configure > System > Settings > URLs.
2. Enter the Online Help URL:

   https://community.pega.com/sites/default/files/help_v81/

3. Click Save.
4. Log out and log back into Pega Platform.

New JWT access token format: Authorized Access Token

Pega Platform™ is changing from using opaque tokens to using JSON Web (JWT) tokens and the JWT access token format: Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.

The major benefits to using the JWT format are:

• The JWT is a self-contained token that has authentication information, expire time information, and other user-defined claims digitally signed.
• A single token can be used with multiple applications.
• The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
• As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).

For more information, see Understanding authorized access tokens.

Control group configuration for predictions

You can now configure a control group for your predictions in Prediction Studio. Based on the control group, Prediction Studio calculates a lift score for each prediction that you can later use to monitor the success rate of your predictions.

For more information, see Customizing predictions.

Autogenerated controls have unique IDs

Autogenerated controls have a unique ID by default. This unique ID ensures that the Document Object Model (DOM) is HTML5-compliant and avoids problems that can be caused by elements having the same ID. The setting to enable or disable unique IDs is on the HTML5 Application Readiness page.

For more information, see Unique IDs in autogenerated controls.

Improved access to Cosmos UI settings

The Settings tab in the App Studio case designer now includes tools for configuring Cosmos UI. With this enhancement, you can adjust design system settings without the need to specialize individual When rules in Dev Studio, which simplifies UI creation and saves development time.

For more information, see Managing Cosmos UI settings in case designer.