Fusion INV: Security Policy Implementation for Inventory Services Not Respecting Token
(Doc ID 2078839.1)
Last updated on JANUARY 05, 2017
Applies to:
Oracle Fusion Inventory Management Cloud Service - Version 22.214.171.124.0 and later
Oracle Fusion Inventory Management - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
On version 188.8.131.52.0, Web Service for Subinventory:
The security policy implementation in Fusion Apps for the out-of-the-box service SubinventoryService does not respect organization-level security.
A callout using a user token should respect the same security regime as the UI.
The issue can be reproduced at will with the following steps:
A user is created who has access to only one organization, say TLN.
1) When the user logs in to the UI, the user can see data only for the TLN organization, so this is fine.
2) When the user token is used to fetch data from SOAP UI, data for all organizations is returned. Security is NOT being applied.
3) When an out-of-the-box service is called from BPEL with the same user passed in the header, data for all organizations is returned. Security is NOT being applied.