Access Control Issue In Approval Workflow Screens

(Doc ID 2330580.1)

Last updated on NOVEMBER 27, 2017

Applies to:

Oracle Financial Services Revenue Management and Billing - Version 2.3.0.0.0 to 2.3.0.0.0 [Release 2]
Information in this document applies to any platform.

Symptoms

On : RMB 2.3.0.2.0 version, CT - Control Tables

Access Control Issue in Approval Workflow Screens

ACTUAL BEHAVIOR
---------------
User has access to only certain divisions as expiration date of other accesses is on 31-12-2000, but still all the division transactions are displayed in the Approve screen.


EXPECTED BEHAVIOR
-----------------------
The transactions for division where the data access is expired for the user should not be shown when searched.

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
 
1. Define both division (AUT, DEU) for a user
2. For one division say AUT, set expiration date as 31-12-2000 (past date)
3. Navigate to DB Menu -> Approval Workflow Management -> Approve
4. As expected, Division drop-down list only DEU & 100
4. Search with any filter like "From Date" say 01-01-2017
5. Search result will have both AUT & DEU transaction ids
 
This issue observed in following screens,
Approve
Resolve
Modify
Logs
Approve Price Assignment
Resolve Price Assignment(here even if user is not assigned with AUT, still AUT txn ids are listing, if search with submitter id)
Modify Price Assignment(here even if user is not assigned with AUT, still AUT txn ids are listing)



Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms