Pega Interview Questions — Security Management

Sandeep Pamidamarri
2 min read · Apr 12, 2021

What is Data Encryption in PEGA?

If critical information is saved in the PEGA database as an exposed property in the work tables, the preferred approach is as follows:

1. Create a cipher class pointing to the database, using the PEGA media files that come with the product.
2. Using the same cipher generator PEGA media files, upload the generated JAR into the PEGA database tables.
3. Navigate to the Data Encryption landing page, refer to the generated cipher class, and activate Data Encryption.

What is the Access Control Policy and Access Control Policy Condition?

An Access Control Policy, or attribute-based access control (ABAC), restricts a user's access to specific instances of a class (Assign-, Work- and Data- classes). The actions that can be restricted are READ, UPDATE, DISCOVER, DELETE, PROPERTYREAD, and PROPERTYENCRYPT.

Access Control Policy Conditions use When rules, comparing the class instance attribute values to clipboard or operator-level values.

This is different from role-based access restrictions: the restriction applies at the class instance level.

What is the CORS (Cross-Origin Resource Sharing) Policy?

The Cross-Origin Resource Sharing policy defines the allowed origins (a kind of whitelisting of the IPs), allowed headers, allowed methods, and credential usage for a specific REST service.

Map the CORS record to a service rule or to a path.

Use the following navigation:

Configure -> Integration -> Services -> Endpoint-CORS Policy Mapping tab.
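The four settings named above (allowed origins, allowed headers, allowed methods, credential usage) can be modelled as a preflight check. This is an added example, not Pega code or anything from the original post; `CorsPolicy`, `preflight_headers` and the sample origin are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CorsPolicy:
    allowed_origins: frozenset   # exact origins: scheme://host[:port]
    allowed_methods: frozenset   # upper-case HTTP methods
    allowed_headers: frozenset   # lower-case request header names
    allow_credentials: bool = False

    def __post_init__(self):
        # Browsers reject "*" for credentialed requests, so refuse the combination early.
        if self.allow_credentials and "*" in self.allowed_origins:
            raise ValueError("wildcard origin cannot be combined with credentials")


def preflight_headers(policy, origin, method, request_headers=()):
    """Return CORS response headers for a preflight, or None to refuse it."""
    wildcard = "*" in policy.allowed_origins
    if not wildcard and origin not in policy.allowed_origins:
        return None  # exact string match; no suffix or substring matching
    if method.upper() not in policy.allowed_methods:
        return None
    wanted = {h.strip().lower() for h in request_headers}
    if not wanted <= policy.allowed_headers:
        return None
    headers = {
        "Access-Control-Allow-Origin": "*" if wildcard else origin,
        "Access-Control-Allow-Methods": ", ".join(sorted(policy.allowed_methods)),
        "Access-Control-Allow-Headers": ", ".join(sorted(policy.allowed_headers)),
    }
    if not wildcard:
        headers["Vary"] = "Origin"  # stop caches reusing the answer for another origin
    if policy.allow_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


# Constructed sample policy for a hypothetical REST service.
POLICY = CorsPolicy(
    allowed_origins=frozenset({"https://portal.example.com"}),
    allowed_methods=frozenset({"GET", "POST"}),
    allowed_headers=frozenset({"content-type", "authorization"}),
    allow_credentials=True,
)

if __name__ == "__main__":
    print(preflight_headers(POLICY, "https://portal.example.com", "POST", ["Content-Type"]))
    print(preflight_headers(POLICY, "https://portal.example.com.other.test", "POST"))
```

An origin is the scheme, host and port taken together, so the same host over `http://` or a lookalike host that merely starts with the allowed name does not match.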

What is the use of the Property Read and Property Encrypt ABAC Policies?

Using the Property Read ABAC policy, you can fully or partially mask sensitive data shown to end users. In the Access Control Policy, you can define the Access Control Policy Definition (When rules) to allow full property read access.

Using the Property Encrypt ABAC policy, you can completely encrypt sensitive data in the clipboard, database, etc. In Security -> Data Encryption, you can define whether to use the default Platform Cipher or the Customer Cipher. In the same ABAC rule form, you can define the Access Control Policy Condition and the When rules to obfuscate the data for display.

Note: In the Access Control Policy Definition, you can compare the case data with the logged-in operator or requester-level data.

Sandeep Pamidamarri

Digital Transformation Leader | Pega Lead Solution Architect | Pega Certified Data Scientist | Pega Customer Service | Pega Sales Automation | AWS Cloud