Using security attributes markings
Attributes are unique security markings, which are assigned to objects and operators. Each attribute has a value associated with it, which means that a user must possess an attribute value to access an object.
Attribute types suggest how to compare the attribute values between the user and the object that the user is requesting access to, and to determine whether to grant access to the object.
These main data types represent an attribute value in the Pega Platform :
- Single string value – A simple string equality comparison is made to determine if the subject has access to the object.
- A list of string values – A multivalue data type represented by a comma-separated noun string with no spaces. The subject must have either all of the object's attribute values (All Of) or one of the attribute values (One Of).
- Numeric value – This attribute type is internally represented by an integer. A simple numeric comparison is made to determine if the subject has access to the object.
You can see the attributes that are assigned to a case on the pyWorkPage in the clipboard.
You can create attributes on data pages or work objects by adding special properties to them. These properties can then be referenced by the ABAC engine to enforce security policies.