By default, client-based access control applies to personal data that is stored in
the Pega Platform database. By doing additional configuration, you can also
apply client-based access control to non-Pega databases and other data sources.
For client-based access control of personal data that is not stored in the Pega Platform database, you can write activities that access, rectify,
and erase the personal data on your external data source.
For information about the overall CBAC process, see the
Pega Community article Supporting EU GDPR data privacy rights in Pega Infinity with
client-based access control.
-
Create three activities: one to access, one to rectify, and one to erase data
on your external data source. If possible, these activities should return the
results in JSON format.
- For a database, the activity can call one of the RDB methods to operate
on a Connect SQL rule.
- For a data set, the activity can call
DataSet-Execute.
- For a data flow, the activity can call
DataFlow-Execute.
For example, a statement to return the step page in JSON format is similar to
the following. After calling this, you remove the step
page.
tools.sendFile(myStepPage.getJSON(false).getBytes(),"CustomerData.json",false,null,true);
-
Create a client-based access control rule, or open an existing rule from the
navigation panel by clicking .
-
Configure your access control rule as described in Configuring a client-based access control rule.
-
In the Activity name fields, enter the names of the
activities that you created in step 1 for Access,
Rectify, and Erase.
-
Click Save.