ODI Non-generic 'view' Privilege Allows for Moving Scenarios Between Folders (Doc ID 2221573.1)

Last updated on FEBRUARY 06, 2017

Applies to:

Oracle Data Integrator - Version 11.1.1.7.0 and later
Information in this document applies to any platform.

Symptoms

A user has a non-generic Operator profile assigned.

Even though the operator user only has “View” privileges on “Load Plan and Scenarios Folder”, he is still able to drag&drop the scenarios between folders. The user can also move a scenario outside of the folder, placing it on the top tree. But when doing so, the user no longer sees the scenario as he doesn’t have access to the top tree, and only to selected folders.

Use the steps below to reproduce the issue.
The following test assumes that there are two folders in "Designer", "Load Plan and Scenarios" named "Beep folder" and "Sleep folder", and each folder contains a scenario "BEEP" and "SLEEP" respectively.

1 - Login to ODI Studio as Supervisor
1.1 - Duplicate the "Operator" profile, naming it "NG Operator - test"
1.2 - Modify the following privileges in the "NG Operator - test" profile:
a. Load Plan and Scenarios Folder
Edit each method and uncheck 'Generic Privilege' for all
(Delete, Duplicate, Edit, New, View)
b. Scenario
Edit each method and uncheck 'Generic Privilege' for all
(Decrypt, Delete, Duplicate, Encrypt, Execute, Export, Import Release...,
Import Scenario..., Open, Regenerate...)
1.3 - Create a new user  named "NGOperator_test"
1.4 - Assign the "Connect" and "NG Operator - test" profiles to the user
1.5 - Under "Designer", "Load Plan and Scenarios", drag&drop the following
folders: "Beep folder" and "Sleep Folder"
Grant the following privileges to the user for each folder:
Load Plan and Scenario Folder "View"
Scenario "View", "Execute" and "Open".

2 - Sign in as the user "NG Operator - test"
2.1 - Attempt to drag "BEEP" scenario into the "Sleep Folder"
This works.
2.2 - Attempt to drag the "SLEEP" scenario outside of the "Sleep Folder"
Notice that the "SLEEP" folder is no longer visible to the user.

 


The issue only occurs when the "Scenario - Open" method is assigned. When "Open" is not assigned, the scenarios cannot be moved between folders.





Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms