Pega interview concepts in Security Management

What is Data Encryption in PEGA?

If the critical information is getting saved in PEGA Database as an exposed property in the work tables, then the preferred approach is as follows:

1. Create a cipher class pointing the database using the PEGA media files that comes with product 
2. Using the same cipher generator PEGA media files, upload the generated JAR into the PEGA database tables 
3. Navigate to the Data Encrption landing page, refer to the generated cipher class and activate the Data Encryption

What is the Access Control Policy and Access Control Policy Condition?

Access Control Policy or Attribute-based access control is used to restrict the user to access the specific instance of a class (Assign-, Work- and Data-) classes. The actions that can be restricted are READ, UPDATE, DISCOVER, DELETE, PROPERTYREAD, AND PROPERTYENCRYPT.

The Access Control Policy Conditions uses the When rules — comparing the class instance attribute values to the clipboard, or operator level values.

It is different from the role-based access restrictions. This restriction is at the class instance level.

What is the CORS (Cross-Origin Resource Sharing) Policy?

The Cross-Origin Resource Sharing policy is allowed to define the allowed origins (kind of whitelisting the IP’s), allowed headers, allowed methods, and credential usage for a specific REST Service.

Map the CORS record to a service rule.