Authorization design considerations
Authorization in Pega Platform™ involves controlling access to application features and data based on user roles and privileges. It is important to grant only the minimum access necessary to perform the required tasks. This principle applies both to you and to the developers on your team.
When you design your authorization scheme:
- Create a matrix that lists the access roles, privileges, and attributes that must be secured, and decide whether your scheme uses role-based access control (RBAC), attribute-based access control (ABAC), or both. Client-based access control (CBAC) and basic access control (BAC) are further authorization models that complement RBAC and ABAC. For more information, see Authorization.
- When defining access groups, use the Deny Rule security mode. Some organizations enforce a deny-first policy where users must have explicit privileges to access certain information. If your application has similar requirements, review the usage of the Rule Security Mode setting on each access group.
- Define security for reports, attachments, and background processes. Background processes such as job schedulers need an associated access group.
- Secure developer access by granting administrator rights only to the developers who need them. Your organization might also restrict which developers are authorized to create activity rules or SQL connector rules.
- Ensure that developers cannot update passwords for other users.
- Assign users the minimum level of access necessary to perform their job functions. This reduces the risk of unauthorized access and potential data breaches.
- Ensure that the authorization model complies with relevant industry standards and regulatory requirements, such as General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), or Sarbanes-Oxley (SOX), depending on the nature of your application and its data.
- Regularly review and update roles and permissions to reflect any changes in job functions or business needs.
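As an added illustration of the deny-first behaviour described above (example code, not Pega's own implementation): a small Python model in which an access group's Rule Security Mode decides the fate of a rule that has no privilege attached, with an ABAC predicate layered on top of the RBAC check. The role, rule, privilege and region names are constructed, and the "any one listed privilege suffices" rule is an assumption of this model.

```python
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum

class RuleSecurityMode(Enum):
    ALLOW = "Allow"  # a rule with no privilege attached is open to every user
    DENY = "Deny"    # a rule with no privilege attached is refused (fail closed)

@dataclass(frozen=True)
class AccessRole:
    name: str
    privileges: frozenset[str]
@dataclass
class AccessGroup:
    name: str
    roles: list[AccessRole]
    mode: RuleSecurityMode
@dataclass(frozen=True)
class Rule:
    name: str
    privileges: frozenset[str] = frozenset()  # empty = no privilege configured
    attribute_check: object = None  # optional ABAC predicate (user_attrs, record) -> bool

def granted_privileges(group: AccessGroup) -> frozenset[str]:
    return frozenset().union(*(r.privileges for r in group.roles))

def can_execute(group, rule, user_attrs=None, record=None) -> bool:
    """RBAC: the user needs any one privilege listed on the rule (this model's
    assumption). A rule listing none is decided by the security mode alone.
    ABAC: an attribute predicate, when present, must also hold for the record."""
    if rule.privileges:
        rbac_ok = bool(rule.privileges & granted_privileges(group))
    else:
        rbac_ok = group.mode is RuleSecurityMode.ALLOW
    if not rbac_ok or rule.attribute_check is None:
        return rbac_ok
    return bool(rule.attribute_check(user_attrs or {}, record or {}))

# Constructed matrix (hypothetical names): one role, three rules, one ABAC check.
CLERK = AccessRole("Claims:Clerk", frozenset({"ViewClaim"}))
same_region = lambda user, rec: user.get("region") == rec.get("region")
RULES = [Rule("ViewClaim", frozenset({"ViewClaim"}), same_region),
         Rule("ApproveClaim", frozenset({"ApproveClaim"})),
         Rule("LegacyUtility")]  # nobody ever attached a privilege to this one
def decisions(mode: RuleSecurityMode, user_region: str = "APAC") -> dict:
    """Outcome of every rule for a clerk-only access group in the given mode."""
    clerks = AccessGroup("Claims:Clerks", [CLERK], mode)
    user, rec = {"region": user_region}, {"region": "APAC"}
    return {r.name: can_execute(clerks, r, user, rec) for r in RULES}
```

Running `decisions(RuleSecurityMode.ALLOW)` shows the forgotten `LegacyUtility` rule open to every clerk, which is exactly the gap a deny-first access group closes.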