Question

4
Replies
898
Views
BhagyashreeC9567 Member since 2018 18 posts
Evoke Technologies
Posted: April 26, 2018
Last activity: April 30, 2018
Closed
Solved

Authorization Levels in Pega

Hi Guys,

I have a question around Access Control/Authorization in Pega.
Suppose I want to hide certain functionality in the application from a set of users. I can simply hide the link to that particular module/ functionality say a grid or tab or menu item using a condition such as pyAccessGroup should be XYZ (Visible When or Enable When).

Then why do we need to define authorization/security at even granular levels such as access roles and privileges.

Is this a way to make the security model more robust and at the class level also (assuming access roles incorporate various classes and associated privileges)?
If I only deny access based on the example I gave, i.e. hiding a grid or menu item from user based on a simple condition such as .pyAccessGroup=="Appl:Admin", can this security pose threats and is compromising in real time?

Please explain in detail.

Thanks!

Bhagyashree

Low-Code App Development Security
Moderation Team has archived post
Share this page LinkedIn