Question
Student
IN
Last activity: 11 Jun 2024 4:21 EDT
Security
What is the difference between Authentication and Authorization in Pega?
Accepted Solution
Updated: 11 Jun 2024 4:21 EDT
Eclatprime Digital Private Limited
IN
Hi @Satya K
Authentication means that whenever a user tries to log in to an application, the system verifies the user's credentials. If the credentials are valid and exist in the database, the user can log in; otherwise, the user will not be able to log in.
For example, if you try to log in to a Pega application:
1. It verifies the username and password in the table Data-Admin-Operator-ID. If they match, you can log in; otherwise you cannot log in to your Pega application.
2. It searches for the Access group in the operator ID record.
3. It searches for the Application in the Access group.
From the above 3 steps of Authentication, a user can enter the application.
Authorization:
After entering the application, whether a user can open or execute any rule in the application is determined by authorization, which is defined in the access group under available roles.
For example:
In an application, a developer, a manager and a user can all log in, but an operator can perform operations only according to the available roles defined in their Access group.
An Access group can have only one application.
An Operator can log in to only one application at a time.
An Operator can have any number of Access groups.
User: A user can log in to the application and create a case, but does not have modification permissions.
Manager: A manager can log in to the application and review or approve the user-submitted case and create reports, but does not have modification permissions.
Developer: A developer can also log in to the same application and has permissions to create, modify and delete the rules in the application.
Pega provides 2 types of authorization:
1. RBAC (Role-based access control)
Access When
Access Deny
Access Role Name
Access of Role to Object
Privilege
2. ABAC (Attribute-based access control): you can mask properties like Aadhaar, PAN, Driving License etc., e.g. 7929 80XX XXXX.
Access Control Policy
Access Control Policy Condition
I hope it helps!
Thanks
Regards
Raja
Maantic Inc
IN
In layman's terms, authentication addresses who can access an application and authorization addresses what users can do after they access an application.
Eclatprime Digital Private Limited
AU
Hi @Satya K ,
In PEGA, Authentication verifies a user's identity.
Authorization determines the user's access rights to various parts of the application based on their role.
Thanks.
TCS
IN
Authentication
Authentication in Pega Platform™ helps to ensure that only verified users and systems can access your applications.
Authentication consists of two steps: identification (ID) and verification (V).
Identification involves providing your username to the system to establish your identity.
Verification involves providing proof of your identity, typically through a secret passphrase shared between you and the system you want to access.
Authentication in Pega Platform includes:
User credentials
Requests from external services to Pega Platform.
Requests from Pega Platform to external services
Authorization
Authorization in the context of authorization modeling in Pega Platform™ is a security mechanism that determines access rights and privileges related to system resources, including data and application features. It ensures that after logging in, users have access only to the features and data they need for their work. Authentication for user identity verification typically precedes authorization in Pega Platform.
Authorization models determine the access that you have to specific features of Pega Platform. You can limit the user to create, update, or delete rules at design time or determine your access to certain application development tools, such as the Clipboard tool or the Tracer tool.
Pega Platform offers four authorization models that are different but complementary: role-based access control (RBAC), attribute-based access control (ABAC), client-based access control (CBAC), and basic access control (BAC).
Please refer to the link below for more details: https://academy.pega.com/mission/security-design/v4/in/62316
Eclatprime Digital Private Limited
IN
Authentication:
Identity confirmation of the user, and verification that the user is allowed to access the application.
Below are the rules that allow authentication of the user.
1. Operator ID
2. Access Group
3. Application
Authorization:
Authorization defines what data a user can view and what actions a user can perform. We have two authorization models in Pega to control user actions.
1. RBAC - Role-based access control
2. ABAC - Attribute-based access control
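As an added illustration (not Pega's code or API, and not taken from any of the posts above), the following Python models the split that the accepted answer and the later answers describe: authenticate() performs the three steps (look up the operator record, verify the password, resolve the default access group and its single application), while is_authorized(), has_privilege() and mask_id_number() model the RBAC pieces (Access of Role to Object, Access Deny, Privilege) and the ABAC masking example. Every operator, access group, role and class name is constructed for the example; the salted password hashing and the class-prefix matching are simplifications of how a real platform handles credentials and class inheritance.

```python
"""Toy model of authentication vs. authorization in a Pega-style setup.
Constructed illustration only: not Pega's API; all names below are made up."""
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ROUNDS = 50_000  # kept low for the demo; use a far higher count in production


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_operator(password: str, access_groups: list) -> dict:
    """Constructed operator record (stands in for a Data-Admin-Operator-ID row).
    Only a salted hash is stored; the first access group is the default one."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt),
            "access_groups": access_groups}


# Each access group names exactly one application plus its available roles.
ACCESS_GROUPS = {
    "Claims:Users":    {"application": "Claims", "roles": ["Claims:User"]},
    "Claims:Managers": {"application": "Claims", "roles": ["Claims:Manager"]},
    "Claims:Auditors": {"application": "Claims",
                        "roles": ["Claims:Developer", "Claims:ReadOnly"]},
}
# Access of Role to Object: role -> class prefix -> allowed actions.
ACCESS_ROLE_TO_OBJECT = {
    "Claims:User":      {"Claims-Work-": {"open", "create"}},
    "Claims:Manager":   {"Claims-Work-": {"open", "approve", "report"}},
    "Claims:Developer": {"Claims-Work-": {"open", "create", "modify", "delete"},
                         "Rule-":        {"open", "create", "modify", "delete"}},
}
# Access Deny: an explicit denial overrides any grant coming from other roles.
ACCESS_DENY = {"Claims:ReadOnly": {"Claims-Work-": {"modify", "delete"}}}
# Privileges: named permissions that a flow action or tool can require.
PRIVILEGES = {"Claims:Manager": {"ApproveClaim"}}

OPERATORS = {  # constructed operator table; passwords are demo values
    "alice": make_operator("correct horse", ["Claims:Users"]),
    "bob":   make_operator("battery staple", ["Claims:Managers", "Claims:Users"]),
    "carol": make_operator("audit only", ["Claims:Auditors"]),
}


@dataclass
class Session:
    operator: str
    access_group: str
    application: str
    roles: list


def authenticate(user_id: str, password: str):
    """Identification + verification, then resolution of the default access
    group and its one application. Returns a Session, or None on failure."""
    op = OPERATORS.get(user_id)
    # Always run the hash so an unknown user ID costs as much as a bad password.
    salt = op["salt"] if op else b"\0" * 16
    expected = op["hash"] if op else b"\0" * 32
    if not hmac.compare_digest(_hash_password(password, salt), expected) or not op:
        return None
    default_group = op["access_groups"][0]
    group = ACCESS_GROUPS[default_group]
    return Session(user_id, default_group, group["application"], group["roles"])


def _covers(grant_class: str, target_class: str) -> bool:
    # Simplified stand-in for class inheritance: a grant on "Claims-Work-"
    # also applies to "Claims-Work-Claim".
    return target_class.startswith(grant_class)


def is_authorized(session: Session, target_class: str, action: str) -> bool:
    """RBAC decision: an Access Deny on any of the session's roles wins;
    otherwise some role's Access of Role to Object entry must grant the action."""
    for role in session.roles:
        for cls, denied in ACCESS_DENY.get(role, {}).items():
            if _covers(cls, target_class) and action in denied:
                return False
    for role in session.roles:
        for cls, allowed in ACCESS_ROLE_TO_OBJECT.get(role, {}).items():
            if _covers(cls, target_class) and action in allowed:
                return True
    return False


def has_privilege(session: Session, privilege: str) -> bool:
    return any(privilege in PRIVILEGES.get(r, set()) for r in session.roles)


def mask_id_number(value: str, session: Session,
                   reveal_roles=("Claims:Manager",)) -> str:
    """ABAC-style property masking: the policy condition (a role allowed to see
    the full value) is checked per request; everyone else gets only the first
    six digits, as in "7929 80XX XXXX"."""
    if any(r in reveal_roles for r in session.roles):
        return value
    shown, out = 0, []
    for ch in value:
        if ch.isdigit():
            shown += 1
            out.append(ch if shown <= 6 else "X")
        else:
            out.append(ch)
    return "".join(out)
```

Note how the two decisions stay separate: authenticate() never looks at roles, and is_authorized() never looks at credentials. The auditor operator shows why Access Deny is evaluated before grants: carol's Developer role grants modify on work objects, but the ReadOnly role's deny still blocks it, while modify on rules (not covered by the deny) is allowed.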