My Oracle Support Banner

E1: SEC: P00950UO Role Validation is Incorrect as It Allows Adding Security for Non Existing Roles If a Role Name is Entered by Appending Few Characters to an Existing Role Name of 10 Characters (Doc ID 2598256.1)

Last updated on FEBRUARY 03, 2020

Applies to:

JD Edwards EnterpriseOne Tools - Version 9.2 and later
Information in this document applies to any platform.

Symptoms

P00950UO application does not validate the Role names correctly while defining View or Action security records if an incorrect Role name is used by appending few extra characters to an existing Role name of 10 characters. This allows for security records to be added for non existent Roles. Appropriate warning or error message is not displayed on screen.
As an example, if we add a Role 'ROLE123456'  via P00092 application, we will notice that while trying to add a view security record for 'ROLE1234' "User Does Not Exist " error message appears on screen. However, if we try to add security record for 'ROLE123456789' , there is no error thrown on screen and the security is added for this non existent role incorrectly.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.