Improving basic access control
Valid from Pega Version 8.5
Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.
For more information, see Access Control Checks.
Upgrade impact
After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls by using registration or encryption mechanisms.
What steps are required to update the application to be compatible with this change?
After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.
Use client-based access control to support EU GDPR requirements
Valid from Pega Version 8.1
You can use client-based access control (CBAC) to satisfy the data privacy requirements of the European Union General Data Protection Regulation (GDPR) and similar regulations. By using client-based access control, you can identify the personal data of clients and automatically process requests to view, update, or remove the data in a secure manner. You can also enforce restrictions on the use of this data in application functions.
For more information, see Client-based access control.
Add custom controls to section palettes
Valid from Pega Version 7.3
You can add custom controls to the Basic or Advanced palettes in sections. With this enhancement, Pega® Platform developers have easy access to custom controls. The check box is available in the HTML tab of the custom control rule. You can add a custom icon to display in the menu with the custom control.
For more information see Adding custom controls to the section palette in Designer Studio.
Accessibility Inspector identifies accessibility issues in real time
Valid from Pega Version 8.1
The new Accessibility Inspector finds accessibility issues in your application and helps you to quickly fix these issues. Accessible applications accommodate a range of users with varying degrees of visual ability and might be required by regulation. The Accessibility Inspector, which you open from the run-time toolbar, is displayed on the right side of the page and highlights content, structure, compatibility, and interaction issues. You can click through an accessibility warning to open the affected element and fix the issue. For more information, see Finding accessibility issues in Pega applications with the Accessibility Inspector.
Enabling access to upgraded help
Valid from Pega Version 8.1
After upgrading to Pega Platform ™ 8.1, the default URL to the upgraded help files might be incorrect. To enable access to the latest help files, reset the URL:
- In the header of Dev Studio, click .
- Enter the Online Help URL:
https://community.pega.com/sites/default/files/help_v81/
- Click .
- Log out and log back into Pega Platform.
New JWT access token format: Authorized Access Token
Valid from Pega Version 8.5
Pega Platform™ is changing from using opaque tokens to using JSON Web (JWT) tokens and the JWT access token format: Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.
The major benefits to using the JWT format are:
- The JWT is a self-contained token that has authentication information, expire time information, and other user-defined claims digitally signed.
- A single token can be used with multiple applications.
- The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
- As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).
For more information, see Understanding authorized access tokens.
Actions available for custom controls
Valid from Pega Version 7.3
All standard actions that are available for autogenerated controls are available on non-autogenerated custom controls as well. You can configure actions on custom controls by using the legacy actions options or the standard options that are available to custom and autogenerated controls. By using the standard options, developers can now configure multiple action sets for different types of events on a single custom control.
For more information, see Actions tab.
Control group configuration for predictions
Valid from Pega Version 8.5
You can now configure a control group for your predictions in Prediction Studio. Based on the control group, Prediction Studio calculates a lift score for each prediction that you can later use to monitor the success rate of your predictions.
For more information, see Customizing predictions.
Deprecated support for Microsoft ActiveX controls
Valid from Pega Version 7.3
Beginning with Pega Platform 7.3, Microsoft ActiveX controls are no longer supported in any version of the Pega Platform, and technical support for ActiveX is limited. It is recommended that you use HTML-based, cross-browser solutions for improved performance and greater security.
For more information, see Deprecation of ActiveX controls in Pega Platform.
Autogenerated controls have unique IDs
Valid from Pega Version 8.1
Autogenerated controls have a unique ID by default. This unique ID ensures that the Document Object Model (DOM) is HTML5-compliant and avoids problems that can be caused by elements having the same ID. The setting to enable or disable unique IDs is on the HTML5 Application Readiness page.
For more information, see Unique IDs in autogenerated controls.