Skip to main content


Implementing client-based access control (CBAC)

Suggest edit Updated on October 1, 2021

Implement client-based access control (CBAC) to ensure the data privacy requirements of the European Union (EU) General Data Protection Regulation (GDPR) and similar regulations. For more information, see Building a client-based access control environment.

To establish CBAC rules for instances potentially containing private data, complete the following steps.
  1. In the header of Dev Studio, search for and open the GDPR_ContactCBAC rule.
  2. On the Data elements tab, make edits as necessary. For more information, see Configuring a client-based access control rule.
  3. Optional: If custom edits are needed to access, rectify, or delete private data, add custom activities on the Identifier mapping tab.
    Note: Only unique IDs, such as, first name, last name, or birth date are allowed.
  4. Repeat steps 1-3 for the GDPR_B2CLeadCBAC and GDPR_HouseholdCBAC rules.
Did you find this content helpful? YesNo

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Ready to crush complexity?

Experience the benefits of Pega Community when you log in.

We'd prefer it if you saw us at our best. is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us