PCO Consolidate Line Items Permission Issues

(Doc ID 2403259.1)

Last updated on MAY 24, 2018

Applies to:

Primavera Unifier Cloud Service - Version 10.1 and later
Primavera Unifier - Version 10.1 and later
Information in this document applies to any platform.

Symptoms

ACTUAL BEHAVIOR
---------------
Through the option - Consolidation Line Items, user are able to see unauthorized information.


EXPECTED BEHAVIOR
-----------------------
User can only see authorized information.


STEPS
-----------------------
The issue can be reproduced at will with the following steps:

0) Access Unifier

1) Login as coadmin

1. Open Company Workspace
2. Locate User Administration
3. Locate User - user1
4. Verified user1 only have permission to 1 shell - shell1
5. Open shell - shell1
6. Locate node - Change Management > Proposed Change Orders
7. Noticed there is only 1 record - PCO-0001

2) Login as user1

1. Open shell - shell1
2. Locate node - Change Management > Change Orders
3. Create a new Change Orders, select contact CON-000002 when required
4. For section - Summary Items, click on button - Copy then select Consolidate Line Items
5. Noticed lots of PCOs listed, which were not authorized for the user to see.
6. Issue received.

BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, users can see information that they have no access to.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms