configuring client-based access control.

General
,
1

How to configuring client-based access control and what are steps do we need to follow to create CBAC Rule.

2

@Venkatk17188855

Client-based access control (CBAC) Rules define where personal data is stored and how it can be accessed.

These CBAC Rules are used by the application server that receives and processes the requests.

  1. Create the CBAC rules – Create the CBAC Rules that describe the personal data and identifiers:
    • The applies to class of the CBAC instance is the class where the personal data is stored or where an identifier is referenced. The applies to class can be an abstract class if the data is stored on different concrete classes within the same abstract class. The instances are of Data-, Index- or Work-.
    • The ruleset of the CBAC instance belongs to the application that controls the personal data. You can create CBAC instances in a ruleset that is shared by multiple applications, or in separate rulesets by application.

For detailed steps on creating the CBAC rules, see the steps below URL.

https://docs.pega.com/bundle/platform/page/platform/security/define-cbac-rules.html

3

Hi @Venkatk17188855,

Please find the below steps to create CBAC:

  1. Create a New Access Control Policy from Records> Security> Access Control Policy

  2. Define Policy Conditions from conditions Tab. Use the Access Control Policy Condition records to define complex conditions.

  3. Associate policy with the class by adding the newly created access control policy in Security Tab. Please ensure the policy is enabled and configured correctly.

  4. Test the configuration by logging in as a user who should be affected by the policy. Verify that the user’s access is correctly restricted based on the conditions defined. Adjust the policy or conditions as necessary based on testing outcomes.

Regards,

Mamatha Adiraju

4

@Sindhu Nalajala

I’m unable to create CBAC rule. I’m getting some privilege error.

5

@Sindhu Nalajala

I’m able to create and configure the CBAC rule.

6

@Mamatha Adiraju

think you are explaining ABAC instead of CBAC. we have a requirement to erase customer data in the cases after certain period of time post the resolution of cases. i would like to understand as to how to get CBAC rules triggered . for instance i will have a flow action to erase the data of selected cases. in that case , would it be possible to invoke CBAC rules. Appreciate your response.

7

@Venkatk17188855

Can you this pzCanManageSecurityPolicies privilege is included in the PegaRULES:SecurityAdministrator role in your access group.

8

@Sindhu Nalajala

after adding privilege able to create the rule.