Pega Customer Service for Insurance modified rules for BAC prevention
In release 8.3 and 8.5, Pega Customer Service for Insurance has modified the rules that invoke secured activities in Pega Platform. The query strings and parameters in the calls are registered so that they cannot be tampered with by the end users.
To see the list of modified rules for Pega Customer Service for Insurance, download the CSI-List-of-Rules-URL-Tampering.xlsx and CSI-85-List-of-Rules-URL-Tampering.xlsx files.
If you have overridden any of these rules in your Pega Customer Service for Insurance implementation layer, you need to update them with the changed rules. Run the Upgrade Checker to identify which of these changed rules are overridden in your implementation layer. For information about the Upgrade Checker, see the Pega Customer Service for Insurance and Pega Sales Automation for Insurance Upgrade Guide on the Pega Customer Service for Insurance product page.
For information about the enhancements to prevent Broken Access Control (BAC), and to see a list of rules and activities that were modified for all Pega Customer Service applications, see Pega Customer Service enhancements to prevent Broken Access Control.
Previous topic Support for integration with a third-party claims system