This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Pega Customer Service for Healthcare modified rules for BAC prevention

Broken access control (BAC) refers to all access control issues in web applications that allow end users to gain unauthorized access to privileged data and functionality. The Open Web Application Security Project (OWASP) identifies BAC as one of the top 10 security vulnerabilities. BAC usually occurs when users can bypass access control checks by leveraging vulnerabilities such as uniform resource locator (URL)-based requests that do not verify user privileges.

In the 8.3 release, Pega Customer Service for Healthcare has modified the rules that call secured activities in the Pega Platform. The query strings and parameters in the calls are registered so that end users cannot tamper with them.

For more information about the enhancements to prevent Broken Access Control (BAC), and to see a list of rules that were modified for all Pega Customer Service applications, see Pega Customer Service enhancements to prevent Broken Access Control.

The following list shows the modified rules for Pega Customer Service for Healthcare. If you have overridden any of these rules in your Pega Customer Service for Healthcare implementation layer, you need to update them with the changed rules. Run the Pre-Upgrade Checker to identify which of these changed rules are overridden in your implementation layer. For information about the Pre-Upgrade Checker, see the Pega Customer Service for Healthcare and Pega Sales Automation for Healthcare Upgrade Guide on the Pega Customer Service for Healthcare product page.

| Rule type | Rule name | Class name |
|---|---|---|
| Rule-Obj-Activity | HCInteractionStart | PegaCPMHC-Work |
| Rule-Obj-Activity | HCResearchStart | PegaCPMHC-Work-Interaction-Research |
| Rule-Obj-Activity | HCManualInboundCorrStart | PegaCPMHC-Work-Interaction-InCorr |
| Rule-Obj-Activity | AppUpdatePriorityNoteBU | PegaCPMHC-Work |
| Rule-Obj-Activity | HCGetClaimDetails | PegaCPMHC-Work |
| Rule-Obj-Activity | HCValidateNoteForPolicy | PegaCPMHC-Work |
| Rule-Obj-Activity | HCAddNoteForPolicy | PegaCPMHC-Work |
| Rule-Obj-Activity | HCDisplayClaim | PegaHC-Data-Claim |
| Rule-Obj-Activity | HCShowProviderDetails | PegaHC-Data-Party-Provider |
| Rule-Obj-Activity | HCLaunchSearchInterAndSvcItemsByProvider | PegaHC-Data-Party-Provider |
| Rule-Obj-Activity | HCLaunchSearchInterAndSvcItemsByProvider | PegaCPMHC-Work |
| Rule-Obj-Activity | HCLaunchAuthSearchByMember | PegaCPMHC-Party-Member |
| Rule-Obj-Activity | HCLaunchClaimSearchByMember | PegaCPMHC-Work |
| Rule-Obj-Activity | HCLaunchSearchInterAndSvcItemsByMember | PegaCPMHC-Party-Member |
| Rule-Obj-Activity | HCLaunchSearchInterAndSvcItemsByMember | PegaCPMHC-Work |
| Rule-Obj-Activity | HCDisplayClaimDetails | PegaCPMHC-Work-DisputeClaim |
| Rule-Obj-Activity | HCDisplayAuthDetails | PegaCPMHC-Work-AppealAuthDenial |
| Rule-Obj-Activity | AppDisplayLink | PegaCPMHC-Work |
| Rule-Obj-Activity | HCShowAuthDetails | PegaCPMHC-Work |
| Rule-Obj-Activity | HCShowClaimDetails | PegaCPMHC-Work |
| Rule-Obj-Activity | HCShowPlanBenefits | PegaCPMHC-Work |
| Rule-Obj-Activity | HCSelectProviderBackground | PegaCPMHC-Work |
| Rule-Obj-Activity | HCChangePolicyBackground | PegaCPMHC-Work |
| Rule-Obj-Activity | HCLaunchClaimSearchByProvider | PegaCPMHC-Work |
| Rule-Obj-Activity | HCLaunchClaimSearchByProvider | PegaHC-Data-Party-Provider |
| Rule-Obj-Activity | HCChangeMember | PegaCPMHC-Work |
| Rule-Obj-Activity | HCChangeMember | PegaHC-Data-Party-Provider |
| Rule-HTML-Section | NPSACTIONEXTERNAL | PEGAFW-NPS-SURVEY |