Pega Platform 8.8.3 - Attribute Based Access Control Different Behavior with Dataset

User Experience
, , , , ,
1

Pega Platform 8.8.3 - Attribute Based Access Control Different Behavior with Dataset

  1. First of all, I have changed EnableAttributeBasedSecurity DSS value as true in order to enable attribute based access control on pega platform. I have generated access control policy and access control policy condition rules.

Access control policy condition rule

IMG_1.png
IMG_1.png1062×464 19.9 KB

Access control policy rule

IMG_2.png
IMG_2.png706×482 24.3 KB

  1. It is now test the masked values on clipboard page with different approaches of fetching data.

2.1. Retrieve data through dataset.

9.png
9.png721×442 26.7 KB

Check tempCustAttributePg from Clipboard

nothing-masked-ds.png
nothing-masked-ds.png829×261 32.4 KB

Nothing masked. Expectation is to mask tckn property value of the instance shown on screenshot above.

2.2. Retrieve data through data page or obj-browse. If we have a look at the TCKN property value, we clearly see the masked value which is expected.

masked-values.png
masked-values.png840×714 90.8 KB

Why the TCKN values are not masked when we bring the data on clipboard page through data set run? We expect same behavior which is masking values regardless of the fetching mechanism.

Note: There is no sensitive data in the screenshoots shared in this document as they are all sample data.

2

@MarijeSchillern INC-B26955

3

@m.caldag As mentioned in INC-B26955 which has now been resolved: this issue is due to lack of feature.

Masking occurs at the UI layer, meaning we can’t control hiding values from the Clipboard. However encryption takes place at the DB layer, allowing to control to hide encrypted values from the Clipboard. That is why the advise is to implement both masking and encryption for added security. ABAC is not supported for Activity with Dataset-Execute. Additionally please note that normally ordinary users should not have access to the Clipboard functionality.

Masking of properties from Dataset Execute is not implemented in the product. We have raised the Feedback item FDBK-119690. You can follow up with you Account/ CSM team for further update on the feature implementation.