After upgraded from 8.3.4 to 8.5.2 (CRM) the following ‘Access Control Warning’ shows in the top header of the external Portal. It does not happen for our developer/Admin role but it shows for all the other roles.
Tried to change the below WHEN rules to false but they are already ‘Withdrawn’ and/or False.
WHEN: pySecureFeatures = False
WHEN: pyShowSecureFeatureWarnings = False
WHEN: pyBlockUnregisteredRequest = False
Also tried to remove privilege ‘crmCanCSUserRunActivity’ from activity: pyOnBeforeWindowClose in ruleset PegaCS-Specialization:08-05-01.
Issue still persist.
How can this be removed or prevented from displaying….
***Edited by Moderator: Pooja Gadige to add platform capability tag***
@GOWRISHANKAR we are facing the same issue (8.5.3). We've gone through this article and refactored all rules listed under the Access Control Health Check. Now our health check is clean, but we still see this warning displayed for non-admin users. Please advise.
For auto generated Sections or Navigation rules, the registration is simple, you can check the "Register OOTB actions used in script for URL tamper proofing" checkbox if you are using "Run Script" option. For non auto generated HTMLs, Custom Controls etc., the above links provide steps to perform for securing them. Additionally, if you use Mashup or Snapstart in your application, you should encrypt those URLs.