Pega Sales Automation modified rules for BAC prevention (7.4-8.3)
Broken Access control (BAC) refers to all access control issues in web applications that allow end users to gain unauthorized access to privileged data and functionality. Open Web Application Security Project (OWASP) identifies BAC as one of the top 10 security vulnerabilities. BAC usually occurs when users can bypass access control checks by leveraging vulnerabilities such as uniform resource locator (URL)-based requests that do not verify user privileges.
In the 8.3 release, Pega Sales Automation has modified the rules that call secured activities in the Pega Platform. The query strings and parameters in the calls are registered so that they cannot be tampered by the end users.
For more information about the enhancements to prevent Broken Access Control (BAC), see Protecting the application layer.
To see additional modified rules for the Pega Sales Automation industry applications, see the following articles:
- Pega Sales Automation for Financial Services modified rules for BAC prevention
- Pega Sales Automation for Healthcare modified rules for BAC prevention
- Pega Sales Automation for Insurance modified rules for BAC prevention
Attached at the bottom of the article are all modified rules for Pega Sales Automation for Insurance 8.5. If you have overridden any of these rules in your Pega Sales Automation implementation layer, you need to update them with the changed rules.
The following list shows the modified rules for Pega Sales Automation 8.3. If you have overridden any of these rules in your Pega Sales Automation implementation layer, you need to update them with the changed rules.
| # | Rule type | Rule name | Class name | Available | Ruleset version |
|---|---|---|---|---|---|
| 1 | Rule-Navigation | crmWorkMenu | PegaCRM-Work-SFA-Lead | Yes | PegaCRM-SFA:08-03-01 |
| 2 | Rule-Navigation | crmWorkMenu | PegaCRM-Work-SFA-Lead-Ind | Yes | PegaCRM-SFA:08-03-01 |
| 3 | Rule-HTML-Section | AccountsHeaderInOrg | PegaCRM-Entity-Org | Yes | PegaCRM-SFA:08-03-01 |
| 4 | Rule-Navigation | ContactMenu | PegaCRM-Entity-Contact | Yes | PegaCRM-SFA:08-03-01 |
| 5 | Rule-HTML-Section | crmOperatorsInPartner | PegaCRM-Entity-Org-Partner | Yes | PegaCRM-SFA:08-03-01 |
| 6 | Rule-Obj-Flow | crmCreate | PegaCRM-UserMaintenance- | Yes | PegaCRM-SFA:08-03-01 |
| 7 | Rule-HTML-Section | pyUserDashboardHeader | Data-Portal | Yes | SA-Specialization:08-03-01 |
| 8 | Rule-HTML-Section | crmUserDashboardemplateThreeColumn | @baseclass | Yes | PegaCRM-SFA:08-03-01 |
| 9 | Rule-HTML-Section | crmUserDashboardemplateTwoColumn | @baseclass | Yes | PegaCRM-SFA:08-03-01 |
| 10 | Rule-File-Text | webwb • crm_dashboard_postaction • js | Yes | PegaCRM-SFA:08-03-01 | |
| 11 | Rule-HTML-Section | Icons | PegaCRM-Entity-Contact | Yes | PegaCRM-SFA:08-03-01 |
| 12 | Rule-Navigation | crmRelatedLeads_Navigation | PegaCRM-Entity- | Yes | PegaCRM-SFA:08-03-01 |
| 13 | Rule-Navigation | LeadMenu | PegaCRM-Work-SFA-Lead | Yes | PegaCRM-SFA:08-03-01 |
| 14 | Rule-Navigation | OrgsMenu | PegaCRM-Entity-Org | Yes | PegaCRM-SFA:08-03-01 |
| 15 | Rule-HTML-Section | OpportunityHeader | PegaCRM-Entity-Contact | Yes | PegaCRM-SFA:08-03-01 |
| 16 | Rule-Navigation | crmRelatedOpps_Navigation | PegaCRM-Entity- | Yes | PegaCRM-SFA:08-03-01 |
| 17 | Rule-Navigation | OppMenu | PegaCRM-Work-SFA-Opportunity | Yes | PegaCRM-SFA:08-03-01 |
| 18 | Rule-HTML-Section | ViewOrganizationNBAData | PegaCRM-Data-NextBestActions | Yes | SA-Artifacts:08-03-01 |
| 19 | Rule-Navigation | crmWorkMenu | PegaCRM-Entity-Org | Yes | PegaCRM-SFA:08-03-01 |
| 20 | Rule-Navigation | crmWorkMenu | PegaCRM-Work-FundRequest | Yes | PegaCRM-SFA:08-03-01 |
| 21 | Rule-Navigation | crmWorkMenu | PegaCRM-Work-SFA-Opportunity-Ind | Yes | PegaCRM-SFA:08-03-01 |
| 22 | Rule-Navigation | crmWorkMenu | PegaCRM-Work-SFA-Opportunity | Yes | PegaCRM-SFA:08-03-01 |
| 23 | Rule-HTML-Section | OpportunitiesCreateButtons_Mobile | PegaCRM-Work- | Yes | PegaCRM-SFA:08-03-01 |
| 24 | Rule-HTML-Section | pyWorkGetNextWork | Work- | Yes | PegaCRM-SFA:08-03-01 |
| 25 | Rule-Navigation | SFAPortalMenuItems_Mobile | PegaCRM-Portal | Yes | PegaCRM-SFA:08-03-01 |
| 26 | Rule-HTML-Property | crmStageProcessLink | Yes | PegaCRM-SFA:08-03-01 | |
| 27 | Rule-Navigation | crmWorkMenu | PegaCRM-Entity-Contact | Yes | PegaCRM-SFA:08-03-01 |
| 28 | Rule-Navigation | RecipientsMenu | PegaCRM-Entity-Contact | Yes | PegaCRM-SFA:08-03-01 |
| 29 | Rule-HTML-Section | crmSubmitAndCancel | PegaCRM-Work- | Yes | PegaCRM-SFA:08-03-01 |
| 30 | Rule-HTML-Section | crmSubmitAndCancel | PegaCRM-Work-SFA-Lead | Yes | PegaCRM-SFA:08-03-01 |
Previous topic Integrating Pega Sales Automation with Gmail by using the Chrome extension Next topic Deprecated and withdrawn rules and table changes in Pega Sales Automation (7.4-'23)