Use the Security tab to specify the activity type and optionally to restrict which users (or other requestors) can execute the activity. This optional security supplants restrictions based on ruleset and version.
You can specify zero, one, or more than one privilege to restrict access. Order is not significant. At run time, any match between a privilege listed and those a user possesses allows users to execute this rule.
|Allow invocation from browser||Select to allow users to start this activity directly through user input
processing, for example through a Submit button or a |
For example, select the box for a service activity, or if this activity is called by an AJAX event from a form.
At run time, if the box is not selected and a user attempts to start
this activity by user input, the activity does not run and returns a method status
For most activities, leave this box cleared to promote security of your application. Unless needed by your design, allowing activities to be started from a URL or other user input — whether the requestor is authenticated or a guest — may let users bypass important checking, security, or setup.
|Require authentication to run||Select to require that only authenticated requestors can start this
Clear to allow guest users to run this activity, if they meet other security and access criteria. Guest users — unauthenticated requestors — typically have access to rules in the RuleSets provided in the PRPC:Unauthenticated access group, as referenced in the Requestor type instance named pega.BROWSER.
In most cases, clear this check box if the activity is for an agent. Agents are not true authenticated users and by default cannot run activities that are restricted to authenticated users. However, this check box is ignored by agents for which the Bypass activity authentication check box (on the Security tab is checked; they can run activities regardless of the Authenticate? value.
Identify privileges in this array to restrict which users and other requestors can execute this activity. At run time, if the user does not possess an access role that — through an Access of Role to Object rule — provides access to one of the identified privileges, the execution of the activity fails.
|Privilege Class||Optional. Identify the Applies To key part of a class to use at run time to locate a privilege rule. Normally this is the same as the Applies To key part of this activity.|
|Privilege Name||Optional. Identify the name for a privilege in that class (or an ancestor class). The class you enter and the name must together identify a privilege (using rule resolution including class inheritance.)|
Determine whether and how this activity can be referenced in other rules. For an
activity that is not to be referenced in a flow, choose one of these values: Declare Expression rules do not
evaluate during the execution of an OnChange.activity. OnChange
activities must not perform any forward chaining
Declare Expression rules do not evaluate during the execution of an OnChange.activity. OnChange activities must not perform any forward chaining themselves.
Do not choose