E1: SEC: Row Security with Restricting Update Actions Does Not Restrict Users from Changing Based on the Defined Row Security (WEB Client Only) (Doc ID 2433777.1)

Last updated on APRIL 04, 2025

Applies to:

JD Edwards EnterpriseOne Tools - Version 9.2 and later
Information in this document applies to any platform.

Symptoms

When Row Security is defined for restricting change actions, the restricted users are still allowed to update the secured data item. Issue observed on web client only.

For example, when configuring inclusive row security settings for allowing users with changing records in the UDC table F0005 with a user defined codes (KY) values in certain range, associated users will be able to modify a record to a KY value that does not fall within a range.

Inclusive Row Security
Table	Data_Item	From_Value	Thru_Value	Add	Change	Delete	View	Alias
F0005	UserDefinedCodes	*BLANKS	HQZZZZZZZZ	Y	Y	Y	Y	KY
F0005	UserDefinedCodes	HS	ZZZZZZZZZZ	Y	Y	Y	Y	KY

These definitions should be allowing specified users adding, changing, deleting, or viewing of any UDC value that falls within the specified ranges, but not allowed for values started with HR*.
When a user attempting to modify an existing UDC value to a new value with HR*, this action is not restricted even though the new value violates the defined row security rules.

Changes

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

E1: SEC: Row Security with Restricting Update Actions Does Not Restrict Users from Changing Based on the Defined Row Security (WEB Client Only) (Doc ID 2433777.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!