Security Problem With User Role Access When Changing Existing Itinerary
(Doc ID 554432.1)
Last updated on NOVEMBER 12, 2019
Applies to: Oracle Transportation Management - Version 5.5.03 and later
Information in this document applies to any platform.
Checked for relevance on 07-DEC-2010
On 5.5.03, a user with a level of access that prevents them from editing and saving itineraries is allowed to modify itineraries.
The expected behavior is that the user is not allowed to edit and save itineraries.
-- Steps To Reproduce:
The issue can be reproduced at will with the following steps:
1. Set up a user level with the function Itinerary - View Alone attached.
2. Attach the user level to a user role and attach a user to this role.
3. Log in as the user with the user role and level, then try to edit an existing itinerary and save it.
The user is allowed to save the itinerary.
-- Business Impact:
The issue has the following business impact:
Due to this issue, users cannot trust the security mechanism of OTM.