SP3 Process Sync Ignores Security (Doc ID 2154528.1)

Last updated on OCTOBER 06, 2022

Applies to:

Symptoms

 In Meter Data Management version 2.1.0.3, a user with 'Inquire' only permissions is able to process the sync. 

As a part of SP3 there is a new piece of functionality that allows for the online transition of data syncs through the UI. This provides a new "Process Sync" button on the UI; however, this button does not check the sync BO's application service when a user navigates to the sync and attempts to click the button.

There are a few "read-only" user groups that only have Inquire access to sync BOs, in particular, for Service Points, Install Events, and Usage Subscriptions. These users can successfully process a Pending or Erred sync, and that is not desirable.

The application service not being checked is Sync Request Inbound Ongoing BO - D1-SYNCREQINONGOBOAS.
These sync BO's share a common UI Map and UI Map Service script. These currently do not check the application service above.

UI Map: Sync Request Inbound Display - D1-SyncRequestInboundDisplay
UI Map SS: Sync Request Inbound - Retrieve Details for Display - D1-SynInDisp

This can be reproduced using following steps:
The issue can be reproduced at will with the following steps:
1. Perform XAI submission to create sync request
2. Navigate to sync request
3. Attempt to synchronize the sync request by clicking on "Process Sync" button.

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.