My Oracle Support Banner

Role Access List Not Being Used While Setting Up Security On a Framework Folder in WCC (Doc ID 2677290.1)

Last updated on JUNE 04, 2020

Applies to:

Oracle WebCenter Content - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Symptoms

ISSUE
-----------------------
When a user with a particular roles logs into the system, he/she is able to see the folders to which they shouldn't have access to thereby Role Access List for ACL being ignored.


ERROR
-----------------------
None, user can access folder that is not supposed to.


STEPS TO REPLICATE
-----------------------
1. Create a user.
2. Grant read-only (R) permission to a particular security group. Ex Confidential.
3. Assign this group membership to the user.
4. Create a folder and assign the same security group under folder metadata options as in step# 2.
5. While user can access contents of this folder, it cannot add/delete content.
6. Upon trying to delete content, below error is experienced:
"Unable to delete items. You do not have permission for 'delete' operation on '<File_Name>' file.



BUSINESS IMPACT
-----------------------
User(s) are able to see the folders to which they shouldn't have access to.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.