Published Release Notes

Improving basic access control

Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.

For more information, see Access Control Checks.

Upgrade impact

After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls  by using registration or encryption mechanisms.

What steps are required to update the application to be compatible with this change?

After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.

Discovery features for access control policies

Access control policies now support discovery features that allow end users to view limited, customizable information about class instances that fail Read policies but satisfy Discover policies. Two types of Discovery gadgets are provided, and when discovery features are enabled, a Discovery gadget is included in the Report Viewer and in search results. Developers can customize these gadgets and include them in other parts of an application user interface.

For more information, see Discovery features for access control policies.

New access control policy for encrypting properties

With attribute-based attribute control, you can now encrypt property values in the database, clipboard, logs, and search indexes for any property type. If no policy obfuscates an encrypted property, its value is visible in UI controls and reports.

For more information, see Creating an access control policy.

Update and delete actions available in access control policies

Access control policies support update and delete actions on objects. These actions control which specific instances of a class can be created, updated, or deleted by an end user in a case.

For more information, see Creating an access control policy.

Conditional filter logic supported in access control policy conditions

In the Access Control Policy Condition rule form, you can now add conditional logic that allows you to apply different access control policy conditions based on different situations, such as different types of users. The policy condition filters that are enforced  are based on the results of Access When rules. Conditional filters can be configured to allow certain highly privileged users to bypass access control security in certain situations. This is accomplished by entering an Access When but leaving the conditional logic field blank.  When such a filter is applied to a read access policy it also should be applied to the corresponding discover policy.

For more information, see Creating an access control policy condition.

New JWT access token format: Authorized Access Token

Pega Platform™ is changing from using opaque tokens to using JSON Web (JWT) tokens and the JWT access token format: Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.

The major benefits to using the JWT format are:

• The JWT is a self-contained token that has authentication information, expire time information, and other user-defined claims digitally signed.
• A single token can be used with multiple applications.
• The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
• As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).

For more information, see Understanding authorized access tokens.

Control group configuration for predictions

You can now configure a control group for your predictions in Prediction Studio. Based on the control group, Prediction Studio calculates a lift score for each prediction that you can later use to monitor the success rate of your predictions.

For more information, see Customizing predictions.

New privilege required to access the Search landing page

After upgrading to Pega^® Platform 7.4, users who do not have the pxAccessSearchLP privilege cannot access the Search landing page. The pxAccessSearchLP privilege is automatically assigned to the SysAdm4 role. If you have other roles that require access to the Search landing page, you must add the pxAccessSearchLP privilege to those roles.

For more information about assigning privileges to roles, see User privilege authorization. (Link to: basics/v6portal/landingpages/accessmanager/customizeprivilegestab.htm)

Data Visualization controls are now available

Use a Data Visualization control when you need a highly configurable visualization beyond the standard pie, bar, and line charts. With a Data Visualization control, you can appropriately represent any type of data. You can add Data Visualization controls to sections or anywhere else a standard control can be used, such as dashboard widgets.

For more information, see Adding and configuring a Data Visualization control.

Improved access to Cosmos UI settings

The Settings tab in the App Studio case designer now includes tools for configuring Cosmos UI. With this enhancement, you can adjust design system settings without the need to specialize individual When rules in Dev Studio, which simplifies UI creation and saves development time.

For more information, see Managing Cosmos UI settings in case designer.