Skip to main content

         This documentation site is for previous versions. Visit our new documentation site for current releases.      

Client-based access control

Updated on June 30, 2021

If your application stores data that might be used to identify a person and you are subject to GDPR or similar regulations, use client-based access control (CBAC) to track and process requests to view, change, or remove the data.

Client-based access control helps you satisfy the data privacy requirements of client protection regulations, such as the European Union (EU) General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). In Pega Platform, personal data might be stored in the database or related data sets, and is identified by class name and property name. Personal data is associated with an actual person, not with an abstract entity such as a business.

For more information, see:

Data privacy APIs

REST APIs process requests to get, rectify (update), erase (delete), or limit the usage of personal data. The access request processing can be synchronous or asynchronous, but the processing of requests to rectify and erase is asynchronous. Cases handle Access, erase, and rectify requests. When data requests are processed, the decrypted client data is returned to the client using HTTPS in Base64 encoded format. For requests to rectify or erase, the data is modified or deleted as requested.

The REST APIs that define personal data requests are in the Data Privacy category of the api service package, which is known as the Pega API.

  • Requests to update and delete personal data are one-time requests that do not prevent the data from being changed or added again in the future.
  • Client data that is temporarily stored on a CBAC case does not persist after the case has been resolved.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us