
Pega Sales Automation modified rules for BAC prevention

Broken access control (BAC) covers the access control flaws in web applications that let end users reach data and functionality they are not authorized to use. The Open Web Application Security Project (OWASP) lists BAC in its Top 10 web application security risks. BAC typically occurs when a user can bypass an access control check, for example by sending a uniform resource locator (URL)-based request that the application acts on without verifying the user's privileges.

In the 8.3 release, Pega Sales Automation modified the rules that call secured activities in Pega Platform. The query strings and parameters in those calls are now registered, so end users cannot tamper with them.

For more information about the enhancements to prevent Broken Access Control (BAC), see Protecting the application layer.
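The following Python example is added here to illustrate the failure mode and the protection described above. It is not Pega's code and does not show how Pega Platform registers activity calls. It assumes a hypothetical server-side secret (SERVER_KEY), constructed user and account records, and two hypothetical activities (ViewAccount and DeleteAccount). The vulnerable handler acts on an account identifier taken straight from the query string; the hardened path only honours a query string that the server itself issued for that user, activity and parameter set (bound with an HMAC), and the activity still re-checks the caller's authorization.

```python
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlencode

# Constructed demo data and a hypothetical server-only secret; none of this is real CRM data.
SERVER_KEY = b"constructed-demo-key"
USERS = {
    "alice":   {"role": "sales_rep", "accounts": {"ACME"}},
    "mallory": {"role": "sales_rep", "accounts": {"Globex"}},
    "root":    {"role": "admin",     "accounts": {"ACME", "Globex"}},
}
ACCOUNTS = {
    "ACME":   {"owner": "alice",   "revenue": 1_000_000},
    "Globex": {"owner": "mallory", "revenue": 50_000},
}


# --- Vulnerable pattern: the URL names the record and nothing checks the caller ---------
def vulnerable_view_account(user, query):
    """Trusts ?account=... straight from the query string: any user can read any record."""
    acct = parse_qs(query)["account"][0]
    return ACCOUNTS[acct]


# --- Hardened pattern: registered call plus server-side authorization -------------------
def _tag(user, activity, params):
    """HMAC over (user, activity, canonical params): binds the call to the user it was issued to."""
    canonical = json.dumps({"user": user, "activity": activity, "params": params}, sort_keys=True)
    return hmac.new(SERVER_KEY, canonical.encode(), hashlib.sha256).hexdigest()


def register_call(user, activity, params):
    """Run when the server renders a menu item or button for `user`.
    Returns the only query string the client is allowed to send back for this call."""
    return urlencode({
        "activity": activity,
        "params": json.dumps(params, sort_keys=True),
        "tag": _tag(user, activity, params),
    })


def view_account(user, params):
    """Hypothetical secured activity: ownership check happens here, not in the link."""
    acct = params.get("account")
    if acct not in USERS[user]["accounts"]:
        raise PermissionError("user is not authorized for this account")
    return ACCOUNTS[acct]


def delete_account(user, params):
    """Hypothetical privileged activity: requires the admin role regardless of the link."""
    if USERS[user]["role"] != "admin":
        raise PermissionError("activity requires the admin role")
    return {"deleted": params.get("account")}


ACTIVITIES = {"ViewAccount": view_account, "DeleteAccount": delete_account}


def secured_invoke(user, query):
    """Dispatch an activity only if the query string matches a call registered for `user`."""
    if user not in USERS:
        raise PermissionError("unknown user")
    q = parse_qs(query, keep_blank_values=True)
    activity = q.get("activity", [""])[0]
    raw_params = q.get("params", [""])[0]
    tag = q.get("tag", [""])[0]
    try:
        params = json.loads(raw_params)
    except ValueError:
        raise PermissionError("malformed parameters")
    # Any edit to the activity name or a parameter value changes the expected tag.
    if not hmac.compare_digest(tag.encode(), _tag(user, activity, params).encode()):
        raise PermissionError("query string does not match a registered call")
    handler = ACTIVITIES.get(activity)
    if handler is None:
        raise PermissionError("unknown activity")
    return handler(user, params)


def try_invoke(user, query):
    """Convenience wrapper: ('ok', result) or ('denied', reason)."""
    try:
        return ("ok", secured_invoke(user, query))
    except PermissionError as exc:
        return ("denied", str(exc))
```

Registration on its own is not authorization: the HMAC only guarantees that the parameters arriving at the server are the ones the server issued to that user, so editing an identifier in the URL, switching the activity name, or replaying another user's link is rejected before any activity runs. The role and ownership checks inside each activity are still what decide whether the user may perform the action at all.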

To see additional modified rules for the Pega Sales Automation industry applications, see the following articles:

The following table lists the modified rules for Pega Sales Automation. If you have overridden any of these rules in your Pega Sales Automation implementation layer, update your overrides to match the changed rules.

#   Rule type           Rule name                              Class name                        Available  Ruleset version
--  ------------------  -------------------------------------  --------------------------------  ---------  --------------------------
1   Rule-Navigation     crmWorkMenu                            PegaCRM-Work-SFA-Lead             Yes        PegaCRM-SFA:08-03-01
2   Rule-Navigation     crmWorkMenu                            PegaCRM-Work-SFA-Lead-Ind         Yes        PegaCRM-SFA:08-03-01
3   Rule-HTML-Section   AccountsHeaderInOrg                    PegaCRM-Entity-Org                Yes        PegaCRM-SFA:08-03-01
4   Rule-Navigation     ContactMenu                            PegaCRM-Entity-Contact            Yes        PegaCRM-SFA:08-03-01
5   Rule-HTML-Section   crmOperatorsInPartner                  PegaCRM-Entity-Org-Partner        Yes        PegaCRM-SFA:08-03-01
6   Rule-Obj-Flow       crmCreate                              PegaCRM-UserMaintenance-          Yes        PegaCRM-SFA:08-03-01
7   Rule-HTML-Section   pyUserDashboardHeader                  Data-Portal                       Yes        SA-Specialization:08-03-01
8   Rule-HTML-Section   crmUserDashboardemplateThreeColumn     @baseclass                        Yes        PegaCRM-SFA:08-03-01
9   Rule-HTML-Section   crmUserDashboardemplateTwoColumn       @baseclass                        Yes        PegaCRM-SFA:08-03-01
10  Rule-File-Text      webwb • crm_dashboard_postaction • js                                    Yes        PegaCRM-SFA:08-03-01
11  Rule-HTML-Section   Icons                                  PegaCRM-Entity-Contact            Yes        PegaCRM-SFA:08-03-01
12  Rule-Navigation     crmRelatedLeads_Navigation             PegaCRM-Entity-                   Yes        PegaCRM-SFA:08-03-01
13  Rule-Navigation     LeadMenu                               PegaCRM-Work-SFA-Lead             Yes        PegaCRM-SFA:08-03-01
14  Rule-Navigation     OrgsMenu                               PegaCRM-Entity-Org                Yes        PegaCRM-SFA:08-03-01
15  Rule-HTML-Section   OpportunityHeader                      PegaCRM-Entity-Contact            Yes        PegaCRM-SFA:08-03-01
16  Rule-Navigation     crmRelatedOpps_Navigation              PegaCRM-Entity-                   Yes        PegaCRM-SFA:08-03-01
17  Rule-Navigation     OppMenu                                PegaCRM-Work-SFA-Opportunity      Yes        PegaCRM-SFA:08-03-01
18  Rule-HTML-Section   ViewOrganizationNBAData                PegaCRM-Data-NextBestActions      Yes        SA-Artifacts:08-03-01
19  Rule-Navigation     crmWorkMenu                            PegaCRM-Entity-Org                Yes        PegaCRM-SFA:08-03-01
20  Rule-Navigation     crmWorkMenu                            PegaCRM-Work-FundRequest          Yes        PegaCRM-SFA:08-03-01
21  Rule-Navigation     crmWorkMenu                            PegaCRM-Work-SFA-Opportunity-Ind  Yes        PegaCRM-SFA:08-03-01
22  Rule-Navigation     crmWorkMenu                            PegaCRM-Work-SFA-Opportunity      Yes        PegaCRM-SFA:08-03-01
23  Rule-HTML-Section   OpportunitiesCreateButtons_Mobile      PegaCRM-Work-                     Yes        PegaCRM-SFA:08-03-01
24  Rule-HTML-Section   pyWorkGetNextWork                      Work-                             Yes        PegaCRM-SFA:08-03-01
25  Rule-Navigation     SFAPortalMenuItems_Mobile              PegaCRM-Portal                    Yes        PegaCRM-SFA:08-03-01
26  Rule-HTML-Property  crmStageProcessLink                                                      Yes        PegaCRM-SFA:08-03-01
27  Rule-Navigation     crmWorkMenu                            PegaCRM-Entity-Contact            Yes        PegaCRM-SFA:08-03-01
28  Rule-Navigation     RecipientsMenu                         PegaCRM-Entity-Contact            Yes        PegaCRM-SFA:08-03-01
29  Rule-HTML-Section   crmSubmitAndCancel                     PegaCRM-Work-                     Yes        PegaCRM-SFA:08-03-01
30  Rule-HTML-Section   crmSubmitAndCancel                     PegaCRM-Work-SFA-Lead             Yes        PegaCRM-SFA:08-03-01
