My Oracle Support Banner

Security Problem With User Role Access When Changing Existing Itinerary (Doc ID 554432.1)

Last updated on JULY 20, 2024

Applies to:

Oracle Transportation Management - Version 5.5.03 and later
Information in this document applies to any platform.


-- Problem Statement:
On 5.5.03 , Find that an user with a level of access that prevents them from editing and saving itineraries is allowed to modify itineraries

Expect that the user is not allowed to edit and save itineraries

-- Steps To Reproduce:
The issue can be reproduced at will with the following steps:
1. Set up a user Level with the function Itinerary - View Alone attached
2. Attach the user level to a user role and attach a user to this role.
3. log in as the user with the user role and level and try to edit an existing itinerary and save it.
User is allowed to save the itinerary

-- Business Impact:
The issue has the following business impact:
Due to this issue, users cannot trust the security mechanism of OTM


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.