My Oracle Support Banner

Application Security Group Effective To Date is Being Ignored when a User Belongs to 2+ Groups (Doc ID 2479645.1)

Last updated on DECEMBER 04, 2019

Applies to:

Oracle Insurance Policy Administration J2EE - Version 11.0.2.15 and later
Information in this document applies to any platform.

Symptoms

On : 11.0.2.15 version, Security information

ACTUAL BEHAVIOR
---------------
The OIPA application security allows for a user to be a member of multiple security groups. If the user has permission for a particular system function in 1 security group they will be given access to it even if the other security groups they are a member of do not provide that same permission. If the group that user gets access from is expired using the Effective To date for the Security Group they should no longer have the ability to perform that action as of that specified date. This is not happening and the user continues to have the ability to perform the action.


EXPECTED BEHAVIOR
-----------------------
If the group that user gets access from is expired using the Effective To date for the Security Group they should no longer have the ability to perform that action as of that specified date.


STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Create 2 application security groups for the same Primary Company.
 - In Group 1 the user can create clients in Group 2 the user cannot.
 - Effective to date of group 1 7/1/2018
 - Effective from date of group 2 7/1/2018 - no effective to date
 - System date after 7/1/2018
2. Attempt to create a client


BUSINESS IMPACT
-----------------------
The issue has the following business impact:
User can perform actions they should not have access to

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.