User With Only Access To One Page In A Portal Gains Additional Access To Other Objects In The Portal (Doc ID 1968484.1)

Last updated on MARCH 06, 2015

Applies to:

Oracle WebCenter Portal - Version 11.1.1.8.5 and later
Information in this document applies to any platform.

Symptoms

Granting privileges on an individual page in a portal, is giving that user additional (management) privileges on pages where no access was given. In addition, revoking privileges on the page does not resolve all the issues.

Example:
A user with only access to one page, can change the variables on the "Summary", "Parameters", and "Advanced" Tabs of all the other pages, such as the Home Page (or any other page in this Portal).

Although Edit/Delete options are not available, the non-privileged user is still able to modify things as mentioned above. The "Source" and "Security" tabs DO appear to function as expected (they are "read only" when expected).


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms