My Oracle Support Banner

PO Details Are Visible From ASN / Shipments Link Ignoring Security Profile For iSupplier Portal Internal Responsibility (Doc ID 1502666.1)

Last updated on SEPTEMBER 19, 2019

Applies to:

Oracle iSupplier Portal - Version 11.5.10.2 and later
Information in this document applies to any platform.

Symptoms

On : 11.5.10.2 version, Shipment Issues

Buyer is able to view Purchase Order (PO) details through iSupplier Portal for Operating Units (OU) which are restricted via Security Profile when navigating to ASN and querying shipment notices for another OU.

Root cause is addressed in ER: <Bug 5999897> SECURITY RESTRICTIONS FOR INVENTORY ORGANIZATION FOR ASN

The security failure is the possibility of opening PO's from an OU which is secured; the expectation is it should not be possible to open Purchase Orders from View ASN - Shipment Notices - screen when 'MO: Security Profile' is setup,

Due to this issue, users can query PO details from PO which are restricted by security profile.

Steps To Reproduce
1. Setup security profile and restrict OU.
2. Log in to iSupplier Portal Internal View as Buyer.
3. Navigate to View Advanced Shipment Notices.
4. Click on Shipment Number of different OU.
5. Open Purchase Order link and find user is able to see PO details from restricted OU
 


Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.