Improving basic access control
Valid from Pega Version 8.5
Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.
For more information, see Access Control Checks.
Upgrade impact
After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls by using registration or encryption mechanisms.
What steps are required to update the application to be compatible with this change?
After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.
New JWT access token format: Authorized Access Token
Valid from Pega Version 8.5
Pega Platform™ is changing from using opaque tokens to using JSON Web (JWT) tokens and the JWT access token format: Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.
The major benefits to using the JWT format are:
- The JWT is a self-contained token that has authentication information, expire time information, and other user-defined claims digitally signed.
- A single token can be used with multiple applications.
- The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
- As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).
For more information, see Understanding authorized access tokens.
Control group configuration for predictions
Valid from Pega Version 8.5
You can now configure a control group for your predictions in Prediction Studio. Based on the control group, Prediction Studio calculates a lift score for each prediction that you can later use to monitor the success rate of your predictions.
For more information, see Customizing predictions.
Improved access to Cosmos UI settings
Valid from Pega Version 8.5
The Settings tab in the App Studio case designer now includes tools for configuring Cosmos UI. With this enhancement, you can adjust design system settings without the need to specialize individual When rules in Dev Studio, which simplifies UI creation and saves development time.
For more information, see Managing Cosmos UI settings in case designer.
Ability to restrict access to the Import wizard
Valid from Pega Version 8.5
You can now restrict access to the Import wizard so that users implement an automated pipeline to deploy changes between environments such as staging and production. Deployment Manager is one method by which to create pipelines. By using pipelines to propagate changes, users can apply a standardized and automated deployment process for migrating their applications.
For more information, see:
- Ensuring that users migrate applications with a pipeline by restricting the Import wizard
- Understanding model-driven DevOps with Deployment Manager
Easily configure the live and interactive map control
Valid from Pega Version 7.1.8
The AddressMap control has been enhanced with a text input field so that users can mark a location on a map.
For example, an insurance adjuster can indicate the location of the accident when filing a case. By selecting Allow marker repositioning to change address value and dragging the marker pin, the Text Input field is automatically updated.
Custom DX API attributes for auto-generated controls
Valid from Pega Version 8.5
Auto-generated controls now include the option to add custom attributes for use with the Pega Digital Experience (DX) API. The attributes are part of the DX API response to the front end and you can use them to modify the run-time behavior of the UI elements in your application. For example, you can add an attribute to a field that displays a tooltip text for that field at run time. This enhancement introduces significant flexibility to application development and gives you greater control over UI components.
For more information, see Adding custom attributes for version 1 DX API to auto-generated controls.
Access PegaUnit compliance metrics from a centralized location
Valid from Pega Version 8.5
PegaUnit compliance metrics and execution rate have been added to the PegaUnit metrics tile of the Application Quality dashboard. This dashboard provides a centralized location for all PegaUnit data for a specific application.
The dashboard also supports granular PegaUnit test information for each case type and data type, similar to the process currently available on the branch quality dashboard.
For more information, see Analyzing application quality metrics.
Number and text input controls on Android devices may not display the correct keyboard
Valid from Pega Version 7.1.8
When running a Pega 7 application on a device using the Android operating system, pxNumber and pxTextInput controls may not display when using the desired on-screen keyboard. This happens when the number or text input type is set to number
.
At design time, the input type is selected in the Editable Format section of the Presentation tab in the Cell Properties panel for a pxNumber or pxTextInput control. Due to a known limitation in some versions of the Android OS running on some devices, the keyboard displayed at run time may not support entry of decimal values when a Number type keyboard is specified.
To resolve this issue, use the Phone
type when numbers with decimal values may be required. Using the Phone
type displays a numerical phone keyboard. The Android phone keyboard includes both commas and periods so that decimals may be entered.
The Phone type selected in the Presentation tab of a Number control
Note that this issue only occurs on Android devices. It is recommended that applications for iOS continue to use type=“Number”.
Enhanced text-editing experience
Valid from Pega Version 7.1.8
The enhanced text editor simplifies your text-editing tasks inside Designer Studio. It includes support for:
- Color coding and syntax highlighting
- Tag and bracket matching
- Auto-indent
- Search
You can use the new editor to edit a variety of rules, including basic text files and utility functions.