Security planning
Security planning involves defining authorization and authentication strategies for your application. It is a best practice to create new access groups and roles that are based on the default access groups and roles that come with the product. Security planning also involves setting up your organizational structure and operator attributes. Pega Care Management™ provides security in the form of access settings and denial rules. Many integration rules also incorporate authentication.
Configuration of your organizational structure
Organizations are modeled on a three-level structure:
- Organization
- Division
- Organizational Unit
The structure that you create affects many parts of the Pega Care Management application, such as the management reports, statistics, and rules that are available to users in that organization.
The organizational structure can affect how and where work is routed and who can access which parts of a system. It can be used to determine which calendars users see and to which queues work is routed. As a best practice, set up your organizational structure as early as possible in the project rather than leaving it to the end.
By using the Operator ID record, each user is associated with one Organization, Division, and Organizational Unit, which places the user in the correct part of the organization. For example, an organization could set its structure as UPlus Health (organization), Care Management (division), and Program Referrals (an organizational unit). The following figure shows a sample organizational chart in Dev Studio:
Correct organizational structure can help you to implement common functionality without custom development. Examples include:
- Providing access to certain functionality based on a user’s position within the hierarchy.
- Restricting access to certain functionality based on the user’s hierarchy position.
- Routing work items to the correct queue, based on the owner of the work and the owner's position in the hierarchy.
- Reporting and division of data on reports.
To configure your organizational structure, perform the following steps:
- In the header of Dev Studio, click Configure > Org & Security > Organization > Organizational Chart.
- Review the existing structure.
- Determine the organization, division, and unit levels of the hierarchy.
Authentication strategies
Define the authentication strategies for your application. Authentication proves to the application that you are who you say you are. Pega Platform™ offers the following authentication types:
- PRBasic
  Based on passwords in the Operator ID data instances and the login form. The login form is defined by the HTML @baseclass.Web-Login rule, which your application can override.
- PRSecuredBasic
  Similar to PRBasic, but passes credentials by using Secure Sockets Layer (SSL) with Basic HTTP authentication. The login form is defined by the HTML @baseclass.Web-Login-SecuredBasic rule, which your application can override.
- PRCustom
  Supports access to an external LDAP directory or a custom authentication scheme.
- PRExtAssign
  Supports external assignments (Directed Web Access).
- J2EEContext
  Specifies that the application server in which Pega Platform is deployed uses JAAS to authenticate users.
Authorization schemes
Pega Care Management comes with a set of predefined access groups, roles, and privileges. You can use the application roles as a starting point, but you should create your own application-specific access groups and roles to avoid any future problems when upgrading.
Other rule types such as sections, flow actions, and activities use roles and privileges to allow access to these rules at run time.
The following table lists access roles and Pega Care Management features. An X in a table cell indicates that a person with the specified role can access the corresponding feature. To change a role, for example, to let the PegaCare:UMCoordinator help with new program enrollments or new program referrals, modify the access rights for that role.