Pegasystems Certified Lead System Architect (CLSA) PEGACPLSA23V1 Question # 9 Topic 1 Discussion
In the HRApp application, authorized users handle salary reviews by using the SalaryReview case type. You want to restrict access to only human resources staff and managers. What is the best possible solution to achieve this outcome?
A. Assign the HRApp:SalaryReview role to the HRApp:HRStaff and HRApp:Managers access groups. Ensure that the HRApp:SalaryReview role has permission to open the SalaryReview case type.
B. Use client-based access control to track and process requests related to personal customer data.
C. Implement attribute-based access control to manage access based on user attributes dynamically.
D. Define an access policy that explicitly prevents access to the SalaryReview case type for all users except HRApp:HRStaff and HRApp:Managers.
Comprehensive and Detailed Explanation From Exact Extract:
Pega’s Role-Based Access Control (RBAC), as outlined in Pega Academy’s Security Mission and the Pega Certified Lead System Architect Study Guide, is the most straightforward and effective method for restricting case access to specific user groups, using roles and access groups to define permissions.
Option A (Correct): Assigning the HRApp:SalaryReview role to the HRApp:HRStaff and HRApp:Managers access groups, with permissions to open the SalaryReview case type, ensures only authorized users can access it. This leverages Pega’s RBAC framework, as documented in the Role-Based Access Control section of Pega Community.
Option B (Incorrect): Client-Based Access Control (CBAC) is for managing customer data requests (e.g., GDPR compliance), not for restricting case type access, per the CBAC Configuration module.
Option C (Incorrect): Attribute-Based Access Control (ABAC) is more complex and suited for dynamic, attribute-driven access (e.g., based on user location). RBAC is simpler for role-based restrictions, as noted in the Access Control guidelines.
Option D (Incorrect): Defining an access policy to explicitly deny access to all except specific groups is less efficient than granting access via RBAC. Deny policies are typically used for exceptions, not primary access control, per the Access Policy module.
References:
Pega Academy: Security Mission (covers RBAC and access control).
Pega Community: Role-Based Access Control (details on role permissions).
Pega Certified Lead System Architect Study Guide (v23): Section on Security Design (emphasizes RBAC for case access).