Security:
The below 2 statements were found interesting to me while I was reading the pega LSA course
"Obfuscation of URLs is not a guarantee that an attacker will never find way to form a URL "
"Obscurity is not security"
bottom-line is , define the authorization policy that explicitly prevents the unauthorized access.
-------------------------------------------------------------------------------------------------------------------
Security: Reports and attachments
How to define the Authorization policy for the delegated customer created reports?