Security Issue Viewing Emails and SR Notes on non-assigned Email Accounts. (Doc ID 1500009.1)

Last updated on SEPTEMBER 06, 2016

Applies to:

Oracle Email Center - Version 12.1.3 and later
Information in this document applies to any platform.

Symptoms

On : 12.1.3 version, Email Center/Service Request Integration.



Actual Behavior


Service Request drill down to email center, allows Agents not assigned to Mail Boxes, to drill down into Email Center and see email messages.

Also if the SR was auto-created, the SR notes will contain the body of the email and will be visible to the Agent.


Expected Behavior


Agents not assigned to a Mail Box, are unable to drill down into Email Center and view the email messages, and unable to see/read the notes set for the email body against the SR.



Work a Round


It is possible to set up SR security to stop the Agent seeing an SR created against an area of another area of an organization.

eg: HR Agent can only see HR SR's and a Financial Agent can only see Financial SR's. And by hiding the SR's stops the Agent have visibility on the notes and also drilling down into the emails.

In this case Business wants the Agents to be aware the SR's are created, but not to the details of the Email.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms