Support Article
The HavePrivilege function returns differently after upgrade
SA-22928
Summary
HavePrivilege function returns differently after upgrade from PRPC 6.3 SP 1 to Pega 7.1.9 They have two roles for an accessgroup. One role has privilege Perform with level 5 on Work- class. Work-X is a generic class defined on top of Work-
Running havePrivilege(tools,work-x, perform,null) function with the custom work class on perform privilege it is returning false on PRPC 6.3SP1, whereas after upgrade it is returning true on Pega 7.1.9.
Error Messages
Not Applicable.
Steps to Reproduce
- Create a class on top of work class ex: ABC-CDE-EFG-Work-Sales.
- Define an access group or role.
- Define access to object role with Work- and perform privilege with level 5.
- Call Out-of-the-box (OOTB) havePrivilege function on Custom work class, that is ABC-CDE-EFG-Work-Sales.
Result:
Returning false in Pega 6.3 SP1
Returning true in Pega 7.1.9
Root Cause
A software use or operation error
When running the above function in Pega 6.3SP1 the @HavePrivilege(tools, "Perform", .pxRefObjectClass, null) is not used to parse pxRefObjectClass, but starting from Pega 7.1.4 pxRefObjectClass is now parsed and this result in the function returning true because the pxRefObjectClass was not passed into the function.
Resolution
Here’s the explanation for the reported behavior:
In summary the implementation in PRPC 6.3 SP1 is used to take advantage of this loophole, to overcome this in Pega 7.1.9:
Customize a canPerform rule to test for any custom role.
Published May 14, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.