Order Management Endeca Dashboard Data Security Issues (Doc ID 2004082.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Order Management - Version 12.1.3.4 and later
Information in this document applies to any platform.

Symptoms

On : 12.1.3.4 version, Endeca Intregration

ACTUAL BEHAVIOR
---------------
You observed during testing that you can see data for other operating units in Endeca Dashboard although they don't have access through Oracle Forms in same responsibility. This can be cache issue as you found that this happen when you open Endeca dashboard in Super User responsibility ( having access to all orders in region ) and then change responsibility to Country Specific and still see all orders although expectation is to see Country specific Orders in this responsibility.

EXPECTED BEHAVIOR
-----------------------
Expectation is to see Country specific Orders in this responsibility.
 

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. OM Super User responsibility
2. Navigate to Endeca dashboard
3. See data from other operating units.

BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, users can view data from other operating units.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms