Question
US
Last activity: 21 Jul 2017 10:53 EDT
what is appropriate use of may start and authentication checkbox in activities?
what is appropriate use of may start and authentication checkboxes under the security tab in activities?
Your explanation would be highly helpful. Thanks in advance,
***Updated by moderator: Lochan to close post***
This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
Pegasystems Inc.
IN
Hello Shushruth,
May Start : Select to allow users to start this activity directly through user input processing, for example through a Submit button or a pyActivity= element in an URL. Clear this if this activity is to be started only from another activity, through a Call, Branch, or other means.
For example, select the box for a service activity, or if this activity is called by an AJAX event from a form, such as a SmartInfo request from a list view display.
If, at runtime, the box is not selected and a user attempts to start this activity by user input, the activity does not run and returns a method status of Fail:Security.
Authenticate : Select to require that only authenticated requestors can start this activity. Clear to allow guest users to run this activity, if they meet other security and access criteria. Guest users — unauthenticated requestors — typically have access to rules in the RuleSets provided in the PRPC:Unauthenticated access group, as referenced in the Requestor type instance named pega.BROWSER.
Caution: If you update the BROWSER requestor type to reference a different access group, or update the PegaRULES:Unauthenticated access group to make additional RuleSets available to unauthenticated users, review carefully this checkbox for each activity in the RuleSets. Select this checkbox for all but those specific activities that guests need to run.
For more please refer :
https://community.pega.com/sites/default/files/help_v63sp1/Default.htm
https://community.pega.com/sites/default/files/help_v718/procomhelpmain.htm
Updated: 17 Jul 2015 4:55 EDT
Pegasystems
IN
The Pega help has the following for May Start
Select to allow users to start this activity directly through user input processing, for example through a Submit button or a pyActivity= element in an URL. Clear this if this activity is to be started only from another activity, through a Call, Branch, or other means.
For example, select the box for a service activity, or if this activity is called by an AJAX event from a form, such as a SmartInfo request from a list view display.
If, at runtime, the box is not selected and a user attempts to start this activity by user input, the activity does not run and returns a method status of Fail:Security.
For most activities, leave this box cleared to promote security of your application. Unless needed by your design, allowing activities to be started from a URL or other user input — whether the requestor is authenticated or a guest — may let users bypass important checking, security, or setup.
And the following for authentication
Select to require that only authenticated requestors can start this activity.
Clear to allow guest users to run this activity, if they meet other security and access criteria. Guest users — unauthenticated requestors — typically have access to rules in the RuleSets provided in the PRPC:Unauthenticated access group, as referenced in the Requestor type instance named pega.BROWSER.
If you update the BROWSER requestor type to reference a different access group, or update the PegaRULES:Unauthenticated access group to make additional RuleSets available to unauthenticated users, review carefully this check box for each activity in the RuleSets. Select this check box for all but those specific activities that guests need to run.
In most cases, clear this check box if the activity is for an agent. Agents are not true authenticated users and by default cannot run activities that are restricted to authenticated users. However, this check box is ignored by agents for which the Bypass activity authentication check box (on the Security tab) is checked; they can run activities regardless of the Authenticate? value.
https://community.pega.com/sites/default/files/help_v718/procomhelpmain.htm
Pegasystems
US
In real life, I rarely touch the authenticate box.
I often turn on the "may start" box because a lot of the activities I create, I want to unit-test with the "run" button, so using "may start" avoids seeing a warning telling me that I didn't click "may start". Eric
Pegasystems Inc.
US
Eric,
Do you turn on may start just for testing?
Pegasystems
US
Hi Matthew,
Typically, my activities ARE just for testing. So I never bother to turn off the “may start” checkmark on those activities. /Eric
Pegasystems Inc.
IN
If security has to be evaluated, please find below the Risk combination summary...
May Start | Authentication Required | Risk |
Yes | No | High |
No | No | Less |
Yes | Credentials are required to execute the activity |
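Added example, not part of any post in this thread and not Pega code: a small Python audit that applies the help text's caution (review the Authenticate checkbox for every activity in RuleSets that guests can reach) and the High-risk combination from the table above. The inventory, its column names, the activity names, the guest RuleSet and the allow-list are all constructed assumptions; this is not a Pega export format.

```python
import csv
import io

# Constructed inventory for illustration. Column names are hypothetical,
# not a Pega export format.
SAMPLE_INVENTORY = """\
ruleset,activity,may_start,authenticate
GuestPortal,ShowLoginHelp,yes,no
GuestPortal,ResetCaseData,yes,no
GuestPortal,LoadInternalConfig,no,no
OrderApp,SubmitOrder,yes,yes
OrderApp,RecalculateTotals,no,yes
OrderApp,ExportReport,yes,no
"""

# Assumptions: RuleSets reachable through the unauthenticated access group,
# and the specific activities guests are meant to run.
GUEST_RULESETS = {"GuestPortal"}
GUEST_ALLOWLIST = {("GuestPortal", "ShowLoginHelp")}


def _flag(value):
    """Interpret a yes/no style cell as a boolean."""
    return value.strip().lower() in {"yes", "true", "1"}


def audit(inventory_csv, guest_rulesets, guest_allowlist):
    """Return (ruleset, activity, finding) tuples for settings to review."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        key = (row["ruleset"], row["activity"])
        may_start = _flag(row["may_start"])
        authenticate = _flag(row["authenticate"])
        if key in guest_allowlist:
            continue  # intended guest entry point, reviewed by design
        if row["ruleset"] in guest_rulesets and not authenticate:
            if may_start:
                findings.append((*key, "HIGH: guest can start from user input"))
            else:
                findings.append((*key, "REVIEW: Authenticate cleared in guest RuleSet"))
        elif may_start and not authenticate:
            # May Start = Yes, Authentication = No: rated High in the table.
            findings.append((*key, "HIGH: May Start without Authenticate"))
    return findings


if __name__ == "__main__":
    for ruleset, activity, finding in audit(SAMPLE_INVENTORY, GUEST_RULESETS, GUEST_ALLOWLIST):
        print(f"{ruleset}.{activity}: {finding}")
```
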
Pegasystems Inc.
US
I would also encourage you to look at using the privileges on the security tab. These will allow you to restrict activity execution to only authorized users.
US
Thanks to everyone for clarifying this perfectly:)