Users Can Grant Themselves Access Rights to Data Entry Forms and Alter the DEFQ Forms (Doc ID 1497959.1)

Last updated on MAY 12, 2016

Applies to:

Oracle Financial Services Analytical Applications Infrastructure - Version 7.2 to 7.3 [Release 7]
Information in this document applies to any platform.
Oracle Financial Services Analytical Applications (OFSAA)

Symptoms

In Oracle Financial Services Analytical Applications (OFSAA) Infrastructure versions 7.3 and lower, users without access rights to a DEFQ Form can assign rights to themselves in the Forms Designer interface.  Additionally, users can alter any form within Forms Designer.  You expect that users should not be able to give themselves access to Forms they did not create.  You also need to prevent users from having the ability to alter a Form.

Steps to Reproduce:

1. Login as User1
2. Go to Unified Metadata Manager
3. Go to Data Entry Forms and Queries > Forms Designer
4. Create and save a new Form
5. Logout

6. Login as User2
7. Go back to Unified Metadata Manager > Data Entry Forms and Queries > Forms Designer.
8. Select "Assign Rights" and select the Form created by User1
9. In the Mapping screen, select User2 and select "All above" for privileges.
10. Click "Save Access Rights"

The access rights are given to User2.

Note: Access Rights are listed in the "config" table USERFORMMAP.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms