SP3 Process Sync Ignores Security
Last updated on JULY 01, 2016
Applies to:Oracle Utilities Meter Data Management - Version 18.104.22.168 and later
Information in this document applies to any platform.
In Meter Data Management version 22.214.171.124, a user with 'Inquire' only permissions is able to process the sync.
As a part of SP3 there is a new piece of functionality that allows for the online transition of master data syncs through the UI. This provides a new "Process Sync" button on the UI; however, this button does not check the sync BO's application service when a user navigates to the sync and attempts to click the button.
There are a few "read-only" user groups that only have Inquire access to sync BOs, in particular, for Service Points, Install Events, and Usage Subscriptions. These users can successfully process a Pending or Erred sync, and that is not desirable.
The application service not being checked is Sync Request Inbound Ongoing BO - D1-SYNCREQINONGOBOAS.
These sync BO's share a common UI Map and UI Map Service script. These currently do not check the application service above.
UI Map: Sync Request Inbound Display - D1-SyncRequestInboundDisplay
UI Map SS: Sync Request Inbound - Retrieve Details for Display - D1-SynInDisp
This can be reproduced using following steps:
The issue can be reproduced at will with the following steps:
1.Perform XAI submission to create sync request
2. Navigate to sync request
3. Attempt to synchronize the sync request by clicking on "Process Sync" button.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms