My Oracle Support Banner

Security Problem With User Role Access When Changing Existing Itinerary (Doc ID 554432.1)

Last updated on NOVEMBER 12, 2019

Applies to:

Oracle Transportation Management - Version 5.5.03 and later
Information in this document applies to any platform.
Checked for relevance on 07-DEC-2010

Symptoms

-- Problem Statement:
On 5.5.03 , Find that an user with a level of access that prevents them from editing and saving itineraries is allowed to modify itineraries

EXPECTED BEHAVIOR
Expect that the user is not allowed to edit and save itineraries

-- Steps To Reproduce:
The issue can be reproduced at will with the following steps:
1. Set up a user Level with the function Itinerary - View Alone attached
2. Attach the user level to a user role and attach a user to this role.
3. log in as the user with the user role and level and try to edit an existing itinerary and save it.
User is allowed to save the itinerary

-- Business Impact:
The issue has the following business impact:
Due to this issue, users cannot trust the security mechanism of OTM

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.