INC-127981 · Issue 562998
Rulesets removed from direct invocation ability
Resolved in Pega Version 8.2.7
The following rules have been updated such that they are no longer available to be invoked directly by a client or service: Clipboard_ExecuteActivity, getClassInstances, getOperatorIDs, and GetXMLRuleData. In addition, pzAutoGenClipboard_ExecuteActivity will now require authentication.
SR-D79831 · Issue 562800
Access Deny working as expected for Offers
Resolved in Pega Version 8.2.7
It was possible to Save-As an offer in PegaMKT-Work-Offer after encountering an access deny rule. The record was not created in Dev Studio, however, and an expected denial of access was not registered at runtime. This was due to Access deny rules not being considered as a part of validation, and has been resolved by adding the necessary permission validation to the new harness that will produce the error message informing the user that they are missing a permission. Additional work has also been done to pass the 'pzKeepPageMessages' parameter as true so that page level error messages are correctly displayed.
SR-D87673 · Issue 548627
PegaCESvcsIntegrator security updated
Resolved in Pega Version 8.2.7
Security updates have been made which now require authentication to consume the services from the PegaCESvcsIntegrator package.
SR-D88451 · Issue 550848
Testcases are not available for 'access when' rules
Resolved in Pega Version 8.2.7
Attempting to create test cases for access when rules resulted in guardrail warnings about the need to create a test case. Because Test Cases are not available for the Access When rule type as per Pega expected behavior, the guardrail warnings are not valid and have been removed.
SR-D91834 · Issue 554424
Related cases of different types properly linked in Case Worker Portal
Resolved in Pega Version 8.2.7
After creating a case of type1 in the Case Worker portal, creating a case of type2 from the first case showed the case ID of the second case in the Related Work section as expected. However, after clicking on the link of the case ID of the second case from the related work section, the second case opened but the case ID of the first case was not shown in the Related work. The cases were correctly associated when the Case Manager portal was used instead. This was traced to the Case Worker clipboard continuing to hold the previous case ID thread, and has been resolved.
INC-137709 · Issue 584297
New security role added to restrict access to development-specific classes
Resolved in Pega Version 8.5.1
A new security role and related RAROs have been implemented to allow better security for end users on non-BAC systems. This restricts access to Rules and execution of activities on classes that are development-specific.
INC-128811 · Issue 587213
Operator created with save-as has correct application access
Resolved in Pega Version 8.5.1
Creating an operator using Save As retained access to the applications of the original operator even if they were removed in the creation process. This was due to the saveAs operation of the Operator not retaining consistency between the records in the ValueList pyAccessGroupsAdditional and the page list pyaccessgroups_opid. To resolve this, the PreSaveAs of the Operator ID has been updated to maintain consistency in the records.
INC-132517 · Issue 578985
Correct manager name retained for skill-based routing updates
Resolved in Pega Version 8.5.1
In App Studio, having a manager update a team member's skills changed that team member's reporting Manager name (.pyReportTo) upon save. This was a use case where multiple operator IDs were required for the same person (name and email), so that using the report definition parameter 'BestOperatorValue' for the pzUpdateOperatorInfo activity caused an incorrect manager name to be set to the team member's operator ID. This has been resolved.
INC-127392 · Issue 574286
Delegated Decision table rule grid loads in iFrame with SSO
Resolved in Pega Version 8.5.1
The delegated decision table rule grid and checkout options were not displayed when launched from iFrame using SSO sign in. Without SSO, the delegated decision table grids were loading properly for the same Access group. The heart of this issue was that decision tables were using an older style of Designer Studio javascript which was not designed to be embedded in an iFrame due to issues related to Cross-Origin Resource Sharing (CORS). In order to support the usecase of the Pega end user portal/application being integrated to an external domain application using an iFrame, enhancements have been made to the necessary delegated rule function definitions.
INC-135095 · Issue 581849
Tracer toolbar shows correctly in IE
Resolved in Pega Version 8.5.1
After upgrade, the developer toolbar for the tracer pop up was not visible in Internet Explorer. Investigation showed that Microsoft Internet Explorer was loading the correct elements, but they were not displaying due to recent updates made to prevent Cross-site scripting vulnerabilities for the tracer. This has been resolved.