Support Article
You lack access required to execute RULE-OBJ-ACTIVITY
SA-6203
Summary
Users see authentication errors in log files when their applications try to call authenticated activities from a service activity for which the service package authentication option is unchecked.
Error Messages
You lack access required to execute RULE-OBJ-ACTIVITY @BASECLASS ACTIVITYSTATUSEXCEPTIONHANDLER
You lack access required to execute RULE-OBJ-ACTIVITY @BASECLASS PXMENUBARTRANSLATOR
09:29:36,668 [127.0.0.1,-15] ( internal.mgmt.Executable) ERROR your_server|127.0.0.1 - Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS PXMENUBARTRANSLATOR #20120713T020743.694 GMT
com.pega.pegarules.pub.PRRuntimeException: Error: You lack access required to execute RULE-OBJ-ACTIVITY @BASECLASS PXMENUBARTRANSLATOR #20120713T020743.694 GMT.
at com.pega.pegarules.session.internal.mgmt.Executable.activityProlog(Executable.java:654)
at com.pegarules.generated.activity.ra_action_pxmenubartranslator_dab5c26f40591f76e60a0412a7839e03.perform(ra_action_pxmenubartranslator_dab5c26f40591f76e60a0412a7839e03.java:55)
at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:3098)
at com.pega.pegarules.session.internal.mgmt.base.ThreadRunner.runActivitiesAlt(ThreadRunner.java:617)
at com.pega.pegarules.session.internal.mgmt.PRThreadImpl.runActivitiesAlt(PRThreadImpl.java:593)
at com.pega.pegarules.session.internal.engineinterface.service.HttpAPI.runActivities(HttpAPI.java:2862)
at com.pega.pegarules.session.external.engineinterface.service.EngineAPI.processRequestInner(EngineAPI.java:394)
at sun.reflect.GeneratedMethodAccessor362.invoke(Unknown Source)
Steps to Reproduce
Unknown
Root Cause
A defect in Pegasystems’ code or rules
The service layer does not bypass authentication for all services where Authenticate? is not selected (and thereby not required) on their service packages.
Resolution
Apply HFix-20837.
Restart the application server.
After you install the hotfix, check and adjust, as needed, the application's Activity record, the Security settings and related Authentication settings:
- In the Activity record, the Security tab, select or clear -- depending on your needs -- the check box labeled Authenticate?
Selecting the check box specifies that only authenticated requestors can start the activity.
See the PRPC 6.3 SP1 Help topic, https://community.pega.com/sites/default/files/help_v63sp1/Default.htm#rule-/rule-obj-/rule-obj-activity/security.htm. - Then also check the following settings in your application to make sure that they match your Authentication choice of Step 1:
- The access group of the service package rule
- The access group of the agent rule
- The access group of the agent scheduler
Published April 6, 2019 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.