Improving basic access control
Valid from Pega Version 8.5
Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.
For more information, see Access Control Checks.
Upgrade impact
After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls by using registration or encryption mechanisms.
What steps are required to update the application to be compatible with this change?
After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.
Addition of Data Access Tab to access control policy condition rules
Valid from Pega Version 8.6
You can now select associations and declarative index classes when creating access control policy condition rules. The C field in the policy condition can now accept properties from available associations and indexes. For ease of reference, the selected associations and indexes are available on the new tab.
Using the new tab, you can build complex authorization models in which access restrictions for a class depend on the attributes present in the associated and indexed classes, along with the attributes in the current class. For example, a project management application can now separately maintain project lists for each operator and use that information to restrict read/write access to unique projects.
The information available on the new Data Access tab reflects rule form changes, which are similar to the existing functionality of the Report Definition in the Application Data Model.
For more information, see Creating an access control policy condition.
Improved UI accessibility
Valid from Pega Version 8.6
Pega Platform™ now supports W3C Web Accessibility Initiative guidelines more fully, which creates a better user experience for people who rely on assistive technologies, such as screen readers.
The user interface now features the following enhancements:
- Improved keyboard navigation and updated ARIA attributes for layouts, including dynamic, repeating, and table layouts.
- Updated navigation for AJAX and dynamic containers.
- More precise keyboard navigation and focus control for pop-up components, such as SmartTips.
- Fixed accessibility gaps in out-of-the-box actionable controls and form components, such as buttons and text fields.
- More accessible error messages with improved color schemes and focus control. To meet the WCAG ARIA guidelines, the Show next Error bar has been retired and substituted with more accessible error symbols.
- Accessibility code included in the Pega Platform ruleset by default, without the need for additional configuration.
For more information, see Supported keyboard navigation.
New JWT access token format: Authorized Access Token
Valid from Pega Version 8.5
Pega Platform™ is changing from opaque tokens to JSON Web Tokens (JWT), using the JWT access token format Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.
The major benefits to using the JWT format are:
- The JWT is a self-contained token that carries authentication information, expiration time, and other user-defined claims, all digitally signed.
- A single token can be used with multiple applications.
- The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
- As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).
For more information, see Understanding authorized access tokens.
Control group configuration for predictions
Valid from Pega Version 8.5
You can now configure a control group for your predictions in Prediction Studio. Based on the control group, Prediction Studio calculates a lift score for each prediction that you can later use to monitor the success rate of your predictions.
For more information, see Customizing predictions.
Limited access for end user portals
Valid from Pega Version 7.1.1
The following portals are only accessible from supported versions of Internet Explorer in “quirks” mode:
- WorkUser
- WorkManager
Improved access to Cosmos UI settings
Valid from Pega Version 8.5
The Settings tab in the App Studio case designer now includes tools for configuring Cosmos UI. With this enhancement, you can adjust design system settings without the need to specialize individual When rules in Dev Studio, which simplifies UI creation and saves development time.
For more information, see Managing Cosmos UI settings in case designer.
Ability to restrict access to the Import wizard
Valid from Pega Version 8.5
You can now restrict access to the Import wizard so that users implement an automated pipeline to deploy changes between environments such as staging and production. Deployment Manager is one method by which to create pipelines. By using pipelines to propagate changes, users can apply a standardized and automated deployment process for migrating their applications.
For more information, see:
- Ensuring that users migrate applications with a pipeline by restricting the Import wizard
- Understanding model-driven DevOps with Deployment Manager
All tabs are accessible on delegated rule forms
Valid from Pega Version 7.1.1
Delegates can now access all tabs in a delegated rule form.
You can continue to customize the development experience for delegated users, such as line managers, who may not require the full set of rule form options. For example, you can prevent users from adding new nodes on the Decision Tree form or using the expression builder on the Map Value form. All users, including delegated users, can remove these restrictions if they hold a rule-editing privilege.
For more details on this process and a list of commonly delegated rules, see How to delegate a rule.
Custom DX API attributes for auto-generated controls
Valid from Pega Version 8.5
Auto-generated controls now include the option to add custom attributes for use with the Pega Digital Experience (DX) API. The attributes are part of the DX API response to the front end and you can use them to modify the run-time behavior of the UI elements in your application. For example, you can add an attribute to a field that displays a tooltip text for that field at run time. This enhancement introduces significant flexibility to application development and gives you greater control over UI components.
For more information, see Adding custom attributes for version 1 DX API to auto-generated controls.