PO Details Are Visible From ASN / Shipments Link Ignoring Security Profile For iSupplier Portal Internal Responsibility
(Doc ID 1502666.1)
Last updated on SEPTEMBER 19, 2019
Applies to:Oracle iSupplier Portal - Version 220.127.116.11 and later
Information in this document applies to any platform.
On : 18.104.22.168 version, Shipment Issues
Buyer is able to view Purchase Order (PO) details through iSupplier Portal for Operating Units (OU) which are restricted via Security Profile when navigating to ASN and querying shipment notices for another OU.
Root cause is addressed in ER: <Bug 5999897> SECURITY RESTRICTIONS FOR INVENTORY ORGANIZATION FOR ASN
The security failure is the possibility of opening PO's from an OU which is secured; the expectation is it should not be possible to open Purchase Orders from View ASN - Shipment Notices - screen when 'MO: Security Profile' is setup,
Due to this issue, users can query PO details from PO which are restricted by security profile.
Steps To Reproduce
1. Setup security profile and restrict OU.
2. Log in to iSupplier Portal Internal View as Buyer.
3. Navigate to View Advanced Shipment Notices.
4. Click on Shipment Number of different OU.
5. Open Purchase Order link and find user is able to see PO details from restricted OU
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document