
This documentation site is for previous versions. Visit our new documentation site for current releases.

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Restrict access to reports containing specific properties

Updated on April 29, 2020

Use the property security record to require a user to have a privilege to view or create reports that contain restricted data. After you assign a privilege to the property, the Report Browser enforces the property security restriction. If a report run from the Report Browser references any property that requires a privilege the operator does not have, the Report Browser displays an error message and does not run the report.

When a user is creating reports, the Report Editor displays secured properties, but does not allow them to be added to a report.

This article describes securing an existing property, pyHomePhone, which contains personally identifiable information, with a new property security record called HomePhone. The property security record takes its name from the property it secures.

Restricting access to reports

The steps for this process are as follows:

  1. Create a privilege

  2. Create the property security record

  3. Associate the privilege

1. Create a privilege

  1. In the Records Explorer, expand Security. Right-click Privilege and click New.

  2. On the Create Privilege Record form, enter a short description and specify the Applies To class, RuleSet and ruleset Version.

  3. Click Create.

  4. On the Edit Privilege form, click Save.

2. Create the property security record

  1. In the Records Explorer, expand Security. Right-click Property Security and click New.

  2. Enter a description, the name of the property, and the Record context.

  3. Click Create.

  4. On the Edit Property Security form, on the Security tab, click the + symbol and select the privilege you created for the property.

  5. Click Save.

3. Associate the privilege

You can edit existing records to implement the privilege, or create new ones as described in the following example.

Add the privilege to a new role

In this example, create a role that can be associated with an Access of Role to Object record that "carries" the privilege.

  1. In the Records Explorer, right-click Access Role Name and click New.

  2. Enter a short description, which becomes the identifier, and verify the record context information.

  3. Click Create.

  4. On the Edit Access Role Name Record form, click Save.

Create an Access of Role to Object record

  1. In the Records Explorer, click Access of Role to Object and select an instance.

  2. Select Save > Save As.

  3. On the Save as Access of Role to Object form, enter a short description and select the role name you created in the previous step.

  4. Select the Access Class and Record Context.

  5. Click Save. The system associates this Access of Role to Object rule with the PurchaseFW:CanSeePII role.

  6. On the Edit Access of Role to Object form, modify the field values on the Security tab if applicable.

  7. Select the Privileges tab. Click + and select the privilege CanViewPII, then enter 5 in the Level column.

  8. Click Save.

Add the role to an access group

In this example, add the new role PurchaseFW:CanSeePII to the existing access group PurchaseFW:Administrators.

  1. Search for PurchaseFW:Administrators, or in the Records Explorer, click Access Groups and select it from the list.

  2. On the Definition tab, in the Roles section, click + and select PurchaseFW:CanSeePII.

  3. Save the PurchaseFW:Administrators access group.

Assign the access group to the operator

  1. Click the Operator menu and select Operator.

  2. On the Edit Operator ID form, in the Application Access section, click + and select the PurchaseFW:Administrators access group.

  3. Save the Operator record.

When running a report in the Report Browser, or when creating a new report in the Report Editor, the user must be logged in with an Operator ID associated with the access group containing the role granted the privilege specified by the property security record. If a property is secured by a property security rule, the system checks what privileges are required for the property and checks the operator's privileges before proceeding.
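The check described above can be modeled offline to review who ends up able to report on a secured property. The following Python is an added example, not Pega code or a Pega export format: the records are constructed from the article's names (pyHomePhone, CanViewPII, PurchaseFW:CanSeePII, PurchaseFW:Administrators), while the operator IDs, the PurchaseFW:User role, the PurchaseFW:Users access group and the OrderTotal property are hypothetical. It assumes one privilege per secured property and that a Level of 1 to 5 grants the privilege when the system's production level is at or below that value.

```python
# Constructed records modeling the article's example; not a Pega export format.
PROPERTY_SECURITY = {"pyHomePhone": "CanViewPII"}  # secured property -> privilege
ROLE_PRIVILEGES = {  # role -> {privilege: Level}, as set on Access of Role to Object
    "PurchaseFW:CanSeePII": {"CanViewPII": 5},
    "PurchaseFW:User": {},  # hypothetical role without the privilege
}
ACCESS_GROUP_ROLES = {
    "PurchaseFW:Administrators": ["PurchaseFW:User", "PurchaseFW:CanSeePII"],
    "PurchaseFW:Users": ["PurchaseFW:User"],  # hypothetical access group
}
OPERATOR_ACCESS_GROUPS = {  # hypothetical operator IDs
    "admin@purchasefw": ["PurchaseFW:Administrators"],
    "clerk@purchasefw": ["PurchaseFW:Users"],
}

def operator_privileges(operator, production_level=5):
    """Privileges reached via operator -> access group -> role -> privilege."""
    held = set()
    for group in OPERATOR_ACCESS_GROUPS.get(operator, []):
        for role in ACCESS_GROUP_ROLES.get(group, []):
            for privilege, level in ROLE_PRIVILEGES.get(role, {}).items():
                # Assumption: Level 0 never grants; Level N grants when the
                # system's production level is N or lower.
                if level > 0 and production_level <= level:
                    held.add(privilege)
    return held

def blocked_properties(operator, report_properties, production_level=5):
    """Secured properties in the report that the operator lacks a privilege for."""
    held = operator_privileges(operator, production_level)
    return sorted(p for p in report_properties
                  if p in PROPERTY_SECURITY and PROPERTY_SECURITY[p] not in held)

def can_run_report(operator, report_properties, production_level=5):
    """A single blocked property stops the whole report, as the article states."""
    return not blocked_properties(operator, report_properties, production_level)

def operators_with_access(prop):
    """Access review: every operator able to report on a secured property."""
    return sorted(op for op in OPERATOR_ACCESS_GROUPS if can_run_report(op, [prop]))

if __name__ == "__main__":
    report = ["OrderTotal", "pyHomePhone"]  # OrderTotal: hypothetical unsecured property
    for op in OPERATOR_ACCESS_GROUPS:
        print(op, can_run_report(op, report), blocked_properties(op, report))
    print("Can report on pyHomePhone:", operators_with_access("pyHomePhone"))
```

Because the role is attached to an access group, every operator assigned to PurchaseFW:Administrators inherits the privilege, so a review like `operators_with_access` is worth repeating whenever group membership changes.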


Pega Platform 7.1.1 - 8.3.1, Reporting
