E-Portal:WorkCenter users have access to links for which they should have
Last updated on MARCH 27, 2014
Applies to:PeopleSoft Enterprise PT PeopleTools - Version 8.53 and later
Information in this document applies to any platform.
On : 8.53 version, Portal Technology
When you have links under the same link group which have different security settings, a user logging in will see ALL links in the group rather than just the ones that they should have access to.
Users should see the links which they have access to
The issue can be reproduced at will with the following steps:
1. Assign security to any four delivered menu items so that user A can see all four items and user B has access to just one of the menu items.
2. Create a workcenter
3. Assign WorkCenter Pagelet 'Links' to the workcenter
4. Add pagelet configuration to the WorkCenter Pagelet for the workcenter that you just created (Main Menu > Enterprise Components > WorkCenter/Dashboards > Configure Pagelets, Add a New Value.
5. In pagelet configuration, add the four menu items that you assigned security to in step 1 to the 'links' configuration.
6 Create 2 links 'groups' (call them A and B).
7. Add 1 menu item to the first group and the other three to the second group. Ensure that the menu item which user B can access is in the second group.
8. Log in as user A. You should be able to see everything in the Links section of the workcenter
9. Log in as user B. You should only see the menu item assigned to that user's security profile, but what will happen is you'll see all menu items in the group.
The issue has the following business impact:
Due to this issue, users can see the links which they dont have access to and its a security concern for customers.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms