We have an issue reported by security team that a user with lower access can access unauthorized harness by intercepting and manipulating the request. We use privilege for visible condition in navigation rule to restrict particular option for user on portal. "pega.desktop.showHarness" script is called by passing harness name on clicking menu option. After intercepting the request by security team for an option, they altered harness name to an unauthorized one, and harness is displayed without any issue.
We are in Pega 8.6.4. Please advise how to apply restriction here?
I've gone through the below post but no clue what to do.