
Basic access control

Authentication is the foundational step in securing an application. Pega Platform™ supports authentication mechanisms that range from basic user credentials to advanced methods such as multi-factor authentication and CAPTCHA, which help ensure that only verified users can log in to your application. The next layer of application security is access control, or authorization. Authentication verifies who a user is; authorization determines what that user can access and do within the application. It defines the roles and permissions required to perform specific actions, so that users interact with the application only within the predefined security policies.

Authorization  

Pega Platform offers four types of authorization: 

  • Role-based access control (RBAC)
  • Attribute-based access control (ABAC)  
  • Client-based access control (CBAC)
  • Basic access control (BAC)

These mechanisms complement each other, and you can combine them to provide the strictest level of control. RBAC is your first priority when configuring which actions users can perform in the application. Access control begins by associating each user with a persona, that is, with an access group.

RBAC controls access to objects: instance-level (row-level) security defines which instances of a class a user can see or open. ABAC complements RBAC by controlling access to individual properties of an instance, which is property-level (column-level) security. ABAC is particularly useful when you want to mask some characters of an attribute value, or when you want users to discover that an instance exists without permitting them to open and read it.
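The layering described above, as an added illustration that is not Pega code: a row-level decision (open, discover, or nothing) is made first for each instance, and a column-level policy is then applied to the instances the user may open. The role names (Auditor, Supervisor, EMEAClerk), the sample cases, and the policy table are constructed assumptions for this example.

```python
# Constructed sample instances of a hypothetical work class, not Pega data.
CASES = [
    {"pyID": "C-1001", "Region": "EMEA", "SSN": "123-45-6789", "Amount": 4200},
    {"pyID": "C-1002", "Region": "AMER", "SSN": "987-65-4321", "Amount": 950},
]

# ABAC, column level: per-property policy keyed by role. "read" returns the
# value, "mask" returns a partial value, and any role not listed is denied.
# Properties absent from this table are readable once the instance is open.
ATTRIBUTE_POLICY = {
    "SSN": {"Auditor": "read", "EMEAClerk": "mask"},
}


def row_access(role, inst):
    """RBAC, instance (row) level. Role names and rules are assumptions for this
    example: 'open' = may read the instance, 'discover' = may learn that it
    exists but not open it, 'none' = not listed at all."""
    if role in ("Auditor", "Supervisor"):
        return "open"
    if role == "EMEAClerk":
        return "open" if inst["Region"] == "EMEA" else "discover"
    return "none"


def mask(value, keep=4):
    """Hide all but the trailing characters of a sensitive value."""
    s = str(value)
    return "*" * max(len(s) - keep, 0) + s[-keep:]


def apply_attribute_policy(role, inst):
    """Return the view of an opened instance with column-level policy applied."""
    visible = {}
    for prop, value in inst.items():
        decision = ATTRIBUTE_POLICY[prop].get(role, "deny") if prop in ATTRIBUTE_POLICY else "read"
        if decision == "read":
            visible[prop] = value
        elif decision == "mask":
            visible[prop] = mask(value)
        # "deny": the property is stripped from the view entirely
    return visible


def search(role):
    """Result list as a user holding the role sees it: instances the role may
    open are returned with column-level policy applied; instances it may only
    discover appear by ID alone; the rest are omitted."""
    results = []
    for inst in CASES:
        access = row_access(role, inst)
        if access == "open":
            results.append(apply_attribute_policy(role, inst))
        elif access == "discover":
            results.append({"pyID": inst["pyID"], "access": "discover"})
    return results


if __name__ == "__main__":
    for role in ("Auditor", "Supervisor", "EMEAClerk", "Guest"):
        print(role, search(role))
```

Note the order: the column-level policy never runs for an instance the row-level decision did not open, so a masked or denied property can never leak through a search result for an instance the user may only discover.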

The next level of access control protects the personally identifiable information of customers. CBAC helps you satisfy the data privacy requirements of the European Union General Data Protection Regulation (GDPR) and similar regulations. CBAC rules define where personal data is stored and how it is accessed. Personal data is data associated with an actual person, not with an abstract entity such as a business.

Basic access control

BAC is a security measure that protects applications from unauthorized requests originating in the user interface layer, including sections, custom controls, and harnesses. Broken access control is recognized by the Open Web Application Security Project (OWASP) as one of the Top 10 web application security risks (A01:2021), and BAC prevents users from exploiting it, for example through URL-based requests that bypass access control checks. BAC operates at the application layer and adds verification for requests that originate from autogenerated controls; it complements, rather than replaces, the RBAC and ABAC rules that decide what a user is allowed to do. It is enforced through three when rules in the @baseclass class: pzSecureFeatures, pyShowSecureFeatureWarnings, and pyBlockUnregisteredRequests. For more information, see Basic access control.
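The mechanism in the paragraph above, as an added example that is not Pega's implementation: the server records every request that one of its own rendered controls can legitimately submit, binds each to the session with an HMAC token, and then classifies incoming requests as allowed, warned, or blocked. The Policy switches are modelled loosely on the three when rules named above, but their names, defaults, and exact semantics are assumptions for this example, as are the activity names and the session scenario.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Hypothetical switches modelled on the three @baseclass when rules the page
    names. The field names and exact semantics are assumptions for this example,
    not Pega's implementation."""
    secure_features: bool = True      # master switch (cf. pzSecureFeatures)
    warn_only: bool = False           # report instead of block (cf. pyShowSecureFeatureWarnings)
    block_unregistered: bool = True   # reject requests no rendered control registered (cf. pyBlockUnregisteredRequests)


@dataclass
class RequestRegistry:
    """Per-session record of the UI requests the server itself rendered."""
    policy: Policy
    session_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    registered: set = field(default_factory=set)

    def _mac(self, action, target):
        # Token bound to this session and to one exact action/target pair.
        msg = f"{action}|{target}".encode()
        return hmac.new(self.session_key, msg, hashlib.sha256).hexdigest()

    def render_control(self, action, target):
        """Called when an autogenerated control (button, link, section refresh)
        is written into the page. Returns the token that control will submit."""
        self.registered.add((action, target))
        return self._mac(action, target)

    def check(self, action, target, token):
        """Verdict for an incoming request: ALLOW, WARN or BLOCK."""
        if not self.policy.secure_features:
            return "ALLOW"
        registered = (action, target) in self.registered
        authentic = bool(token) and hmac.compare_digest(token, self._mac(action, target))
        if registered and authentic:
            return "ALLOW"
        if self.policy.warn_only or not self.policy.block_unregistered:
            return "WARN"
        return "BLOCK"


def demo():
    """Constructed scenario: a rendered button versus hand-crafted URL requests."""
    reg = RequestRegistry(Policy())
    # The server renders a button that runs the ApproveCase activity.
    token = reg.render_control("activity", "ApproveCase")
    results = {"from_rendered_control": reg.check("activity", "ApproveCase", token)}
    # The user edits the URL to name an activity no control was rendered for.
    results["crafted_url_no_token"] = reg.check("activity", "DeleteCase", None)
    # Replaying the valid token against another target fails the MAC comparison.
    results["crafted_url_reused_token"] = reg.check("activity", "DeleteCase", token)
    # Warning mode, as you might run while hardening: the same bypass is reported, not blocked.
    reg.policy.warn_only = True
    results["warn_mode"] = reg.check("activity", "DeleteCase", None)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:26s} {verdict}")
```

The warning mode is the practitioner's friend during hardening: it surfaces every request that would be blocked once unregistered requests are rejected, so custom code that builds its own URLs can be found and refactored before enforcement is switched on.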

Custom code introduced during development can create broken access controls, and features that depend on that code can malfunction once stricter security measures are enabled. The Access Control Check feature in Dev Studio helps you identify and fix broken access controls and problematic custom code before that happens, which preserves the integrity of the application. Run access control checks proactively: if you do not fix broken access controls before you enable the security protections and harden the application, the affected features might stop working or work incorrectly.

The result of the access control check is a list of rules that require mitigation. Open each rule, refactor it, and address the reported issue.
