Featured post

GetNextWork functionality in pega

What is GetNextWork in pega? Pega provided a functionality to get the most urgent assignment(task) for user to work on. This is configured o...

Difference between authentication and authorization in pega

Authentication and authorization in pega

Authentication

Identity confirmation of the user and to verify if the user is allowed to access the application. Below three rules allow authentication of a user.
1. Operator ID
2. Access Group
3. Application

Authorization

Authorization will define what data user can view and what are the actions a user can perform. We have two authorization models in Pega to control user actions.
1. RBAC - Role-based access control
2. ABAC - Attribute-based access control

RBAC will have below key rules:
  1. Access group (Data-Admin-Operator-AccessGroup)
  2. Access Roles (Rule-Access-Rolename)
  3. AROs -Access of roles to objects (Rule-Access-Role-Obj)
  4. Access Deny rules (Rule-Access-Deny-Obj)
  5. Privileges (Rule-Access-Privilege)

ABAC will have below key rules:
  1. Access control policies (Rule-Access-Policy)
  2. Access control policy conditions (Rule-Access-PolicyCondition)
See more on ABAC


1 comment: