Filters not working for users access grp but working fine with dev access grp

Prudhvi.Athapu · May 16, 2025, 2:30pm

Hi ,

i have a non optimize code table in a section and only “Allow filters” is enabled but not “Allow column sorting”.
on the UI when i login with dev access grp i am able to apply filters properly but with End users access grp i am getting SRVE0295E/403 forbidden console errors when trying to apply filters.

when i enable “Allow column sorting” or “pyBlockUnregisteredRequests” when condition to false, from end user access grp able to apply filters.

looking for an explanation on this behavior.

Thanks.

Gayatri_Nistala · May 19, 2025, 6:28am

@Prudhvi.Athapu

Do you see any errors relating to ‘Unauthorized request detected : Unregistered request encountered’?

Prudhvi.Athapu · May 19, 2025, 12:43pm

@Gayatri Nistala yes, i see SRVE0295E in browser console and below security alert logs:
Unregistered request encountered with params pyActivity:ReloadSection eventSrcSection: PreActivity:pzdoGridAction*
Unregistered request encountered with params pyActivity:ReloadSection eventSrcSection: PreActivity:pzdoGridAction PreDataTransform:*
Unregistered request encountered with params pyActivity:ReloadSection eventSrcSection:Pega-ColumnFilterCriteria.pyUniqueValuesGrid PreActivity:pzdoGridAction*
Unregistered request encountered with params pyActivity:ReloadSection eventSrcSection:Pega-ColumnFilterCriteria.pyUniqueValuesGrid PreActivity:pzdoGridAction PreDataTransform:

RusselK1 · May 20, 2025, 7:03am

@Prudhvi.Athapu
Here is an explanation of your issue

The filter functionality in your non-optimized code table isn’t registered in the BAC Security Registry. This triggers SECU0019 warnings and 403 Forbidden errors for end users.
Dev Access Groups typically have elevated privileges (e.g., pyStandardUpdate), bypassing BAC checks.
End User Access Groups follow stricter security policies, enforcing BAC validations.

Why Enabling Sorting/Disabling BAC Fixes It

Allow Column Sorting: Automatically registers the component in BAC during column configuration.
pyBlockUnregisteredRequests = false: Disables BAC validation entirely (not recommended for production)

BAC stands Basic Access Control

Conversation		Replies	Views
Filter and Sorting options are showing disabled in Table grid User Experience pega-platform , user-experience , case-management , 8-8-2	4	812	December 28, 2023
SECU0019 Unauthorized request detected when using OOTB control General security , 8-4-3	3	4978	November 30, 2021
Status FDBK-60707 User Experience user-experience , senior-system-architect , 8-3-5	1	77	December 30, 2020
Create One Personalized Table for All Users User Experience user-experience , reporting , 8-8-5	1	183	May 13, 2024
Vertical Privilege Escalation/ unauthorized access vulnerability while using navigation rule User Experience user-experience , senior-system-architect , security , financial-services , 8-6-4	4	187	October 4, 2024

Filters not working for users access grp but working fine with dev access grp

Related topics