This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Pega Customer Service for Financial Services modified rules for BAC prevention

Updated on September 10, 2021

This content applies to On-premises, Client-managed cloud and Pega Cloud environments

In release 8.3, Pega Customer Service for Financial Services has modified the rules that invoke secured activities in Pega Platform. The query strings and parameters in the calls are registered so that end users cannot tamper with them.

If you have overridden any of these rules in your Pega Customer Service for Financial Services implementation layer, you need to update them with the changed rules. Run the Pre-Upgrade Checker to identify which of these changed rules are overridden in your implementation layer. For information about the Pre-Upgrade Checker, see the Pega Customer Service for Financial Services and Pega Sales Automation for Financial Services Upgrade Guide on the Pega Customer Service for Financial Services product page.

For information about the enhancements to prevent Broken Access Control (BAC), and to see a list of rules and activities that were modified for all Pega Customer Service applications, see Pega Customer Service enhancements to prevent Broken Access Control.

The following list shows the modified rules for Pega Customer Service for Financial Services. If you have overridden any of these rules in your Pega Customer Service for Financial Services implementation layer, you need to update them with the changed rules.

| Rule | Rule name | Class name | Available |
|---|---|---|---|
| Rule-HTML-Section | ChatToasterPop | ChannelServices-Interaction-Chat | Yes |
| Rule-HTML-Section | CSShowOffers | Int-PegaCDH-Container-Offer | Yes |
| Rule-HTML-Section | CPMAccountDetails | PegaCA-Interface-Contact | Yes |
| Rule-HTML-Section | CSOffer | Int-PegaCDH-Container-Offer | Yes |
| Rule-HTML-Section | CSShowNextBestAction | Int-PegaCDH-Container-Action | Yes |
| Rule-HTML-Section | CustomerAcceptedRequest | PegaCA-Work-CobrowsingSession | Yes |
| Rule-HTML-Property | SlotPicker | NA | Yes |
| Rule-HTML-Section | CPMIPSearchResults | CPM-Portal | Yes |
| Rule-HTML-Section | CPMAutoLauchServiceProcess | PegaCA-Work | Yes |
| Rule-HTML-Section | CPMFavoritesListDisplay | CPM-Portal | Yes |
| Rule-Navigation | CPMSearchResultMenu | CPM-Search-Result | Yes |
| Rule-Navigation | CPMProspectSearchResultMenu | PegaCRM-Entity-Contact | Yes |
| Rule-HTML-Section | CaseLockLostInfo | PegaCA-Work-Interaction | Yes |
| Rule-HTML-Section | CACollectSessionCode_FA | PegaCA-Work-CobrowsingSession | Yes |
| Rule-HTML-Section | CPMConfirmIncludes | Work- | Yes |
| Rule-HTML-Section | CPMINTERACTIONPORTALHEADER | CPM-PORTAL | Yes |
| RULE-HTML-FRAGMENT | SCREENPOPINTERACTIONSTARTER | NA | Yes |
| Rule-HTML-Section | AutoClose | Work- | Yes |
| Rule-HTML-Section | CPMInteractionPortalHeader | CPM-Portal | Yes |
| Rule-HTML-Section | GenerateChatPrompts | Work- | Final |

In addition to the changes in the preceding table, several Pega Customer Service for Financial Services activities that do not need to be started from a client in the form of an AJAX call or any other UI request have also been modified. The Allow direct invocation from the client or service check box is cleared for these activity rules. To see the list of modified activity rules, download the CSFS-List-of-Activity-Rules-URL-Tampering.xlsx file.
