Workflow Notification Allows Inactive Contact to Access SR in iSupport, In Violation of Security Setup
(Doc ID 1093729.1)
Last updated on FEBRUARY 06, 2022
Applies to:Oracle Teleservice - Version 12.0.6 and later
Information in this document applies to any platform.
In iSupport, Find that the hyperlink in Workflow Notification to a previously active SR contact, now inactive, allows the inactive Contact to still see and access the SR even though he has no more rights to view the SR.
Expect inactive SR contacts to be unable to view service requests.
Steps to Reproduce:
The issue can be reproduced at will with the following steps:
1. Create SR with an active Contact. He receives workflow notification with hyperlink to view the SR.
2. Now make the Contact inactive. Navigate to the notification and select "Click here to view Service Request"
3. The link is active and there is access to the SR via the link.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document