Users Can Grant Themselves Access Rights to Data Entry Forms and Alter the DEFQ Forms
Last updated on MAY 12, 2016
Applies to:Oracle Financial Services Analytical Applications Infrastructure - Version 7.2 to 7.3 [Release 7]
Information in this document applies to any platform.
Oracle Financial Services Analytical Applications (OFSAA)
In Oracle Financial Services Analytical Applications (OFSAA) Infrastructure versions 7.3 and lower, users without access rights to a DEFQ Form can assign rights to themselves in the Forms Designer interface. Additionally, users can alter any form within Forms Designer. You expect that users should not be able to give themselves access to Forms they did not create. You also need to prevent users from having the ability to alter a Form.
Steps to Reproduce:
1. Login as User1
2. Go to Unified Metadata Manager
3. Go to Data Entry Forms and Queries > Forms Designer
4. Create and save a new Form
6. Login as User2
7. Go back to Unified Metadata Manager > Data Entry Forms and Queries > Forms Designer.
8. Select "Assign Rights" and select the Form created by User1
9. In the Mapping screen, select User2 and select "All above" for privileges.
10. Click "Save Access Rights"
The access rights are given to User2.
Note: Access Rights are listed in the "config" table USERFORMMAP.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms