Security Problem With User Role Access When Changing Existing Itinerary
Last updated on SEPTEMBER 08, 2016
Applies to:Oracle Transportation Management - Version: 5.5.03
Information in this document applies to any platform.
Checked for relevance on 07-DEC-2010
On 5.5.03 , Find that an user with a level of access that prevents them from editing and saving itineraries is allowed to modify itineraries
Expect that the user is not allowed to edit and save itineraries
-- Steps To Reproduce:
The issue can be reproduced at will with the following steps:
1. Set up a user Level with the function Itinerary - View Alone attached
2. Attach the user level to a user role and attach a user to this role.
3. log in as the user with the user role and level and try to edit an existing itinerary and save it.
User is allowed to save the itinerary
-- Business Impact:
The issue has the following business impact:
Due to this issue, users cannot trust the security mechanism of OTM
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms