Security Issue Viewing Emails and SR Notes on non-assigned Email Accounts.

(Doc ID 1500009.1)

Last updated on SEPTEMBER 06, 2016

Applies to:

Oracle Email Center - Version 12.1.3 and later
Information in this document applies to any platform.


On : 12.1.3 version, Email Center/Service Request Integration.

Actual Behavior

Service Request drill down to email center, allows Agents not assigned to Mail Boxes, to drill down into Email Center and see email messages.

Also if the SR was auto-created, the SR notes will contain the body of the email and will be visible to the Agent.

Expected Behavior

Agents not assigned to a Mail Box, are unable to drill down into Email Center and view the email messages, and unable to see/read the notes set for the email body against the SR.

Work a Round

It is possible to set up SR security to stop the Agent seeing an SR created against an area of another area of an organization.

eg: HR Agent can only see HR SR's and a Financial Agent can only see Financial SR's. And by hiding the SR's stops the Agent have visibility on the notes and also drilling down into the emails.

In this case Business wants the Agents to be aware the SR's are created, but not to the details of the Email.


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms