My Oracle Support Banner

LSH API cdr_security_utils.hasobjsecpermission is not considering the Application Roles and User Password Checks (Doc ID 2680546.1)

Last updated on JUNE 15, 2020

Applies to:

Oracle Life Sciences Data Hub - Version 2.5.0 and later
Information in this document applies to any platform.

Symptoms

On Oracle Life Sciences Data Hub (LSH) 2.5.0 version,

ACTUAL BEHAVIOR
---------------
When using cdr_security_utils.hasobjsecpermission API to check whether user has access to an object or not,
the following issues were identified:
1. When user account is locked, the API is returning that user has access to the object.
2. When user account doesn't have any application roles but user group roles are assigned, then API is returning that user has access to the object.
3. When new user is created and user has not reset the password yet, then API is returning user has access to the object.


EXPECTED BEHAVIOR
-----------------------
It would be expected that the API should return that user does not have access to the objects in these particular cases.

STEPS
-----------------------
The issue can be reproduced with the following steps:
1. Use the cdr_security_utils.hasobjsecpermission API to check user access on objects for the following cases:
1.1 User account is locked.
1.2 User account does not have any application roles.
1.3 User account is created, but the user did not reset the password.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.