Improving basic access control
Valid from Pega Version 8.5
Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.
For more information, see Access Control Checks.
Upgrade impact
After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls by using registration or encryption mechanisms.
What steps are required to update the application to be compatible with this change?
After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.
External access control DASS
Valid from Pega Version 7.1.5
A new Dynamic Admin System Setting (DASS) controls the Designer Studio's access to external systems, specifically the PDN RSS feed found on the home page.
By default, Pega-Desktop.AllowAccessToExternalSystem is set to TRUE. Update this setting to FALSE to hide the PDN RSS feed and ensure that no RSS fetch is performed.
New JWT access token format: Authorized Access Token
Valid from Pega Version 8.5
Pega Platform™ is changing from opaque tokens to JSON Web Tokens (JWT), using the JWT access token format Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.
The major benefits to using the JWT format are:
- The JWT is a self-contained token that has authentication information, expire time information, and other user-defined claims digitally signed.
- A single token can be used with multiple applications.
- The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
- As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).
For more information, see Understanding authorized access tokens.
Attach Content control
Valid from Pega Version 7.1.5
The Attach Content control assists with attaching and uploading media files for Pega 7 applications. When in a mobile web browser, this control is limited to attaching image files only. Using a desktop browser with this control enabled launches the file browser, allowing users to select a type of capture mechanism and/or utilize an "attach file(s)" file selection prompt directly from their desktop.
Access Manager portal
Valid from Pega Version 7.1.5
Changes to the Access Manager simplify the process of modifying the access rights of features for an application. The changes, including creation of an Access Manager portal, make it easier for non-technical users, such as business architects, to set access rights even if they may not have a deep understanding of Pega 7's security model and class inheritance structure.
Format options in DateTime control
Valid from Pega Version 7.1.5
Several updates were made to the section and harness DateTime control.
First, this control now allows selection of both the MM/DD/YYYY and the DD/MM/YYYY format from the Date format dropdown menu.
Second, the number of characters used when inputting a date will be the same regardless of the date. For example, 1/1/2014 displays as 01/01/2014. In a data grid, this ensures that the date text in a column is aligned.
Third, you can now create a custom date format using the Java-supported custom date formats for both the Date and Date/Time types.
Following is an example of the new dropdown when selecting the type Date:
Following is an example of the new dropdown when selecting the type Date/Time:
Finally, as an example of custom date and time formatting, entering EEE, MMM D, YY H:MM A in the "Custom" field displays as Sat, May 1, '99 2:00 PM, as shown below:
Specify control widths in the skin
Valid from Pega Version 7.1.5
This feature enables you to control the width of controls added to dynamic layouts instead of using the default 100% width of the dynamic layouts. You can now specify the widths as dynamic layout skin settings.
Anypicker control is now available
Valid from Pega Version 8.4
The new Anypicker control displays a drop-down list of values that you can group into expandable categories for faster browsing. To save time and improve search accuracy, the Anypicker control filters the available values based on the characters that the user enters.
For more information, see Adding an Anypicker control.
Anypicker control in a condition builder
Valid from Pega Version 8.4
The condition builder now uses the Anypicker control to categorize the entities, such as fields or when conditions, that your application compares at run time. As a result, you can create conditions in a simplified and accelerated way. You can also select fields that are up to four levels deep within field groups.
For more information, see Create conditions faster with an Anypicker control (8.4), Adding an Anypicker control, Defining conditions in the condition builder.
Control group configuration for predictions
Valid from Pega Version 8.5
You can now configure a control group for your predictions in Prediction Studio. Based on the control group, Prediction Studio calculates a lift score for each prediction that you can later use to monitor the success rate of your predictions.
For more information, see Customizing predictions.