Fusion INV: Security Policy Implementation for Inventory Services Not Respecting Token (Doc ID 2078839.1)

Last updated on JANUARY 05, 2017

Applies to:

Oracle Fusion Inventory Management Cloud Service - Version 11.1.9.2.0 and later
Oracle Fusion Inventory Management - Version 11.1.9.2.0 and later
Information in this document applies to any platform.

Symptoms

On : 11.1.9.2.0 version, Web Service for Subinventory

ACTUAL BEHAVIOR
---------------
Security Policy implementation for Fusion Apps for Out of the box service SubinventoryService not respecting security for Org.

EXPECTED BEHAVIOR
-----------------------
Callout using user token should respect security regime the same as using the UI

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
A user is created who has access to only one Organization say TLN.

1) when user logs in UI, user can see data only for the TLN organisation. so this is fine
2) when user token is used to fetch data from SOAP UI, then data for all the organisations is being returned. NOT APPLYING Security.
3) when an out of the box service is called from BPEL using same user being passed as header, then data for all the organisations is being returned. NOT APPLYING Security.


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms