Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Using Access Control Checks

Updated on March 15, 2022

Use access control checks to identify broken custom code that must be fixed. During development, it is easy to introduce risks into your application by implementing custom code. By using access control checks, you help proactively fix your code by identifying potential issues.

If you do not fix broken access controls, when you enable security protections and the application goes into hardening, the broken features may stop working or may not work properly.

  1. In the header of Dev Studio, click ConfigureOrg and SecurityToolsSecurityAccess Control Check.
  2. Optional: On the Search Criteria tab, select from the following check boxes:
    1. Select an Application check box to define the application on which you will run the access control check, as shown in the following figure:
      Defining the application to run an access control check
      Defining the application to run an access control check
      Note: The current application is selected by default. If you have multiple applications configured, you can run tests on the applications at the same time.
      Note: Running tests for multiple applications at the same time takes longer to process the request. The more applications that you check, the longer the Access Control Check will take.
    2. Select the Rulesets check box to define the rulesets on which you want to run the Access Control Check. By default, all rulesets are selected. However, to only run checks on certain rulesets, clear the Ruleset check box to manually indicate which rulesets you want to run the check on.
      Note: When you make small changes to a ruleset that you want to verify, it is more effective to run the Access Control Check on just the rulesets that you change, to ensure that they do not cause any unintended issues.
  3. Optional: To select whether to display and run the Access Control Check on rules that call custom code in custom calls or on a Standard API, select one of the following radio buttons:
    Custom calls in custom code
    Runs the rules in your applications that call custom code from custom calls.
    Standard API calls in custom code
    Runs the rules in your applications that call custom code from Standard API.
  4. Click List Rules for mitigation button.
    The results display as shown in the following figure:
    List rules for mitigation results
    List rules for mitigation results
  5. Optional: To view the matched strings for each line result, click the Preview icon for that line.
    The following figure shows an example of the line preview:
    Line preview results
    Line preview results
  6. Optional: To group rules based on Rule Type or Ruleset, click Group.
  7. Open each rule to refactor and address its issues.
Result: The system will display a table of Access Control alerts that you need to mitigate.

Tags

Pega Platform 8.7 Security

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Support Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us