Fusion INV: Security Policy Implementation for Inventory Services Not Respecting Token
Last updated on JANUARY 05, 2017
Applies to: Oracle Fusion Inventory Management Cloud Service - Version 18.104.22.168.0 and later
Oracle Fusion Inventory Management - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
On version 126.96.36.199.0, Web Service for Subinventory:
The security policy implementation in Fusion Apps for the out-of-the-box service SubinventoryService does not respect organization-level security.
A callout using a user token should respect the same security regime as the UI.
The issue can be reproduced at will with the following steps:
A user is created who has access to only one organization, say TLN.
1) When the user logs in to the UI, the user can see data only for the TLN organization, so this is fine.
2) When the user token is used to fetch data from SOAP UI, data for all organizations is returned. Security is not applied.
3) When an out-of-the-box service is called from BPEL with the same user passed in the header, data for all organizations is returned. Security is not applied.