Policy with Data Access Group is Visible to User Without Access to Data Access Group
(Doc ID 2478057.1)
Last updated on APRIL 22, 2019
Applies to:Oracle Health Insurance Enterprise Policy Administration - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
Policies which should not be visible to the user, are visible by pressing the policies link in the persons screen (PO0045). In other words, users who do not have access to a data access group are able to see policies that have this data access group.
The same behavior is seen in 2.17.3 environments. It appears this never worked.
The expected behavior is that users who do not have access to a data access group should not be able to see policies that have this data access group.
The issue can be reproduced at will with the following steps:
1) Policy XXX is not visible to the user because the user does not have access to Data Access Group that is on the policy.
2) When doing a person search the policy holder can be found. This is correct; the person is allowed to be visible to the user.
3) When clicking on the policy link under ‘Enrollment’ the policy becomes visible to the user. This is not correct. The user that logged in does not have access to this Data Access Group.
Users can see and manipulate policies they should not have access to.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document