SP3 Process Sync Ignores Security (Doc ID 2154528.1)

Last updated on JULY 01, 2016

Applies to:

Oracle Utilities Meter Data Management - Version 2.1.0.3 and later
Information in this document applies to any platform.

Symptoms

 In Meter Data Management version 2.1.0.3, a user with 'Inquire' only permissions is able to process the sync. 

As a part of SP3 there is a new piece of functionality that allows for the online transition of master data syncs through the UI. This provides a new "Process Sync" button on the UI; however, this button does not check the sync BO's application service when a user navigates to the sync and attempts to click the button.

There are a few "read-only" user groups that only have Inquire access to sync BOs, in particular, for Service Points, Install Events, and Usage Subscriptions. These users can successfully process a Pending or Erred sync, and that is not desirable.

The application service not being checked is Sync Request Inbound Ongoing BO - D1-SYNCREQINONGOBOAS.
These sync BO's share a common UI Map and UI Map Service script. These currently do not check the application service above.

UI Map: Sync Request Inbound Display - D1-SyncRequestInboundDisplay
UI Map SS: Sync Request Inbound - Retrieve Details for Display - D1-SynInDisp

This can be reproduced using following steps:
The issue can be reproduced at will with the following steps:
1.Perform XAI submission to create sync request
2. Navigate to sync request
3. Attempt to synchronize the sync request by clicking on "Process Sync" button.


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms