Difference between authentication and authorization in Pega

Authentication and authorization in Pega

Authentication

Authentication confirms the identity of the user and verifies whether the user is allowed to access the application. The following three rules allow authentication of a user:
1. Operator ID
2. Access Group
3. Application

Authorization

Authorization defines what data users can view and what actions a user can perform. Pega has two authorization models to control user actions:
1. RBAC - Role-based access control
2. ABAC - Attribute-based access control

RBAC has the following key rules:
  1. Access group (Data-Admin-Operator-AccessGroup)
  2. Access Roles (Rule-Access-Rolename)
  3. AROs - Access of roles to objects (Rule-Access-Role-Obj)
  4. Access Deny rules (Rule-Access-Deny-Obj)
  5. Privileges (Rule-Access-Privilege)

ABAC has the following key rules:
  1. Access control policies (Rule-Access-Policy)
  2. Access control policy conditions (Rule-Access-PolicyCondition)