Posted: 2 Dec 2020 3:34 EST Last activity: 2 Dec 2020 13:40 EST
How to schedule a report with security policies?
We have set security policies on our app to control the access and permissions to records. We also have reports we need to extract as Excel daily and send them to a distribution list. For that we created reports and we scheduled them.
But by using PEGA OOTB scheduling with pyExecuteTask, we had to disable step 4 in pyExecuteTask activity so to bypass the control on security policies. Otherwise the OOTB activity would prevent us from scheduling the report.
By doing so we have several severe and moderate warnings on the app, decreasing the app score.
Is there another way to schedule those reports without getting such warnings?
To help protect against data leaks we intentionally disable extraction for reports that have read policies defined. Instead of sending to a distribution list, with the workaround that you mentioned, maybe you can consider rearchitecting the solution. For example have people login to Pega to see the report content.
Customizing pyExecuteTask, or any other Pega activity that deals with security, will create more serious security issues than guardrail violations.