Security Issues In Blogs
Last updated on JANUARY 20, 2015
Applies to:Oracle WebCenter Portal - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
Blog Post created by User A (a .htm file in UCM) should only be editable by USER A and not by other users.
In current version of WebCenter Portal any authenticated user can edit the blog post created by USER A.
This is true even after modifying in the resource ID of the blog taskflow as connection_name#dCollectionID:dCollectionId (in JDeveloper).
Per <Document 1484718.1>, user can edit the blogs, but the requirement is that blogs created by one user should not be editable by other users.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms