My Oracle Support Banner

ODI View Access Appears to Incorrectly Allow Users to Modify Variable Expressions (Doc ID 2341059.1)

Last updated on JUNE 16, 2022

Applies to:

Oracle Data Integrator - Version 12.2.1.2.6 to 12.2.1.3.0 [Release 12c]
Information in this document applies to any platform.

Symptoms

Oracle Data Integrator (ODI) allows for different access privileges to user accounts.

A "Guest" user is configured with read-only access to variables. However, the user appears to be able to make modifications to the Expression on the "Refreshing" tab. The user can press the "Save" button without an error message, and the modification appears to be saved. However, when refreshing the variable (by closing and opening it), the modification is reverted back to the original value, and the variable modification is not actually saved (which is correct).

The user should not be able to modify the expression or anything about the variable in the first place. As read-only access, the user should only be able to view and export, but not edit it.

To reproduce:

A. Create the Guest User

  1. Log into Studio as a supervisor
  2. Duplicate "NG Designer" Profile, ie "Guest - NG Designer"
  3. Go To "Authorization" tab
  4. Select Object Variables, and unselect all options. Select only "View" and "Export"
  5. Select Object "User Functions", and unselect all options. Select only "View" and "Export"
    NOTE: for the purpose of this test we have left all other default settings
  6. Save the profile
  7. Create a new user "Guest"
  8. Assign the following profiles to user:
    CONNECT, CONSOLE, Guest - NG Designer

B. Modify the Variable

  1. Log into Studio as the new guest user.
  2. In Designer tab, expand a project, ie "TEST"
  3. Expand "Variables" and open a Variable, ie: "V_CHECK_STATUS"
  4. Go to "Refreshing" tab, notice that everything is "greyed out" usually indicating that no changes can be done
  5. Click the "Pencil" icon
  6. Make changes in "Edit Expression" , ie add "abc"
  7. Select OK
  8. Observe that the change made appears in the "Select Query"
  9. Save the Variable, notice that "Select Query" still shows "abc"
  10. Close the Variable and open it again
  11. Notice that the "Select Query" on the "Refreshing" tab is reverted back to the original setting

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
 A. Create the Guest User
 B. Modify the Variable
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.