Security Settings not being Updated when User is Modified (Doc ID 467035.1)

Last updated on JULY 09, 2014

Applies to:

Oracle Transportation Management - Version: 5.5.03
This problem can occur on any platform.

Symptoms

-- Problem Statement:
A user is not following the security settings that have been prescribed in the User Level - Assign Functions. For example - a user has a defined Level that includes the Location - View function, when you log into the app with that user ID and try to view locations - an error message comes up saying that the user does not have access to Viewing Locations.

This has been reproduced when the user is deleted and recreated with the same ID.

1. Created a PUBLIC Level called: PLANNER
2. Assigned 'Location - Update' but not 'Location - View' to this Level
3. Created PUBLIC User Role called: PLANNER and set this to use the Level:
PLANNER
4. Created a user in your domain (XX.6570314_A) using this PUBLIC User Role
5. Created a User Role in your Domain called PLANNER (i.e. XX.PLANNER) and assigned it a Level of DEFAULT
6. Created a second user in your domain (XX.6570314_B) using the Role: XX.PLANNER (i.e. not the public one)
7. Then removed the User
8. Then created the user again (XX.6570314_B) using the Public Role: PLANNER

This successfully created the user, but printed the following error to the
screen:

Could not update user info for user XX.6570314_C
Could not update user amounts for user XX.6570314_C
Write_Record_Failure (cachedUser=XX.ADMIN/null/ADMIN, class=class
glog.ejb.invoice.InvoiceSigningAuthorityServerSideEJBWrapper_io1w3y_Impl,
currentUserName=XX.ADMIN, primaryContext=XX.6570314_C,
vpdUser=XX.ADMIN/XX.ADMIN/ADMIN) glog.util.exception.RemoteExceptionWrapper
Write_Record_Failure (cachedUser=XX.ADMIN/null/ADMIN, class=class
glog.ejb.invoice.InvoiceSigningAuthorityServerSideEJBWrapper_io1w3y_Impl,
currentUserName=XX.ADMIN, primaryContext=MCD.6570314_C, vpdUser=XX.ADMIN/XX.ADMIN/ADMIN)
Unable to update {0=null} {1=null} to the database. Either the record has been removed by another user or you do not have rights to edit it. (cachedUser=XX.ADMIN/null/ADMIN, class=class
glog.ejb.invoice.InvoiceSigningAuthorityServerSideEJBWrapper_io1w3y_Impl,
currentUserName=XX.ADMIN, primaryContext=XX.6570314_C,
vpdUser=XX.ADMIN/XX.ADMIN/ADMIN) at
jrockit.reflect.NativeConstructorInvoker.newInstance([Ljava.lang.Object;)Ljava
.lang.Object;(Unknown Source) at java.lang.reflect.Constructor.newInstance([Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source) at glog.util.exception.GLException.factory(GLException.java:413) at glog.util.exception.GLException.factory(GLException.java:390) at glog.util.remote.BeanManagedEntityBean.dbModify(BeanManagedEntityBean.java:106
7) at glog.util.remote.BeanManagedEntityBean.(BeanManagedEntityBean.java:265)
at glog.util.remote.BaseEntityBean$3(BaseEntityBean.java:522) at glog.util.remote.BaseEntityBean.ejb(BaseEntityBean.java:803) at glog.util.remote.BaseEntityBean.ejbStore(BaseEntityBean.java:520) at glog.util.remote.BeanManagedEntityBean.ejbStore(BeanManagedEntityBean.java:508) at glog.ejb.invoice.InvoiceSigningAuthorityServerSideEJBWrapper_io1w3y_Impl.ejbSt
ore(InvoiceSigningAuthorityServerSideEJBWrapper_io1w3y_Impl.java:149) at
weblogic.ejb20.manager.ExclusiveEntityManager.postInvoke(ExclusiveEntityManage
r.java:491) at weblogic.ejb20.internal.BaseEJBObject.postInvoke(BaseEJBObject.java:230)
at glog.ejb.invoice.InvoiceSigningAuthorityServerSideEJBWrapper_io1w3y_EOImpl.set
Data(InvoiceSigningAuthorityServerSideEJBWrapper_io1w3y_EOImpl.java:431)
at glog.database.security.gluser.UserManagerSessionBean.updateInvoiceSigningAutho
rity(UserManagerSessionBean.java:787) at glog.database.security.gluser.UserManagerSessionBean.createUpdateInvoiceSignin
gAuthority(UserManagerSessionBean.java:712)
at glog.database.security.gluser.UserManagerSessionServerSideEJBWrapper.createUpd
ateInvoiceSigningAuthority(UserManagerSessionServerSideEJBWrapper.java:532)
at glog.database.security.gluser.UserManagerSessionHome_af31g7_EOImpl.createUpdat
eInvoiceSigningAuthority(UserManagerSessionHome_af31g7_EOImpl.java:862)
at glog.database.security.gluser.UserManagerSessionHome_af31g7_EOImpl_WLSkel.invo
ke(ILweblogic.rmi.spi.InboundRequest;Lweblogic.rmi.spi.OutboundResponse;Ljava.
lang.Object;)Lweblogic.rmi.spi.OutboundResponse;(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:477)
at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:1
08) at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:420)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.
java:363) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)

Now you have both of these users set to use the Public PLANNER User Role as seen by the following SQL:

select * from gl_user where gl_user_gid like '%6570314%'

If you log on as each though and do the following:

1. Navigate to Transportation Planning and Execution -> Location Management -> Location Manager
2. Do an open search

For user: 6570314_A you will get the error "User XX.6570314_A does not have rights to access Location_Query data"
For user: 6570314_B, you will be successful in displaying the data.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms