When we write an new activity or update an old activity in 8.5.x we are forced to check the option "Require Authentication to run" else a severe warning is thrown.
Otherwise if we are using allow direct invocation check box, we are again forced to use a privilege to avoid severe warning.
This is not the case until 8.4 version. we have upgraded our application to 8.5.x and the compliance score has come down sharply. Any specific reason why we need to use this option for simple utilities or flow utilities?
I think this is a bug in 8.5.x to use any of these options or any specific reason to use these options. can someone please help how to turn this off or any workaround.
***Edited by Moderator: Pooja Gadige to add platform capability tag***
The "Require authentication to run" setting OOTB is checked and "Allow direct invocation from the client or a service" unchecked as this increases the security of your application. The case of the warning changes as our understanding of the security of our clients' applications increased. Therefore we added new guardrails to help developers of Pega Platform applications in securing their applications.