ERS 9.2: Create Service Order From Template Page (RS_SO_PICKTMPLT) Does Not Comply With Row Level Security Options Implemented (Doc ID 1965764.1)

Last updated on MARCH 16, 2016

Applies to:

PeopleSoft Enterprise FIN Resource Management - Version 9.2 to 9.2 [Release 9]
Information in this document applies to any platform.

Symptoms

ISSUE:

The creation of new Resource Management Service Orders via the delivered Template ID functionality is not complying with the Security Options implemented at the overall FSCM Application. The 'Create Service Order From Template' delivered page (RS_SO_PICKTMPLT) displays all existing Service Order Template ID values in the records for all Business Units, regardless if the system has been configured with Row Level Security at User ID by Business Unit. The security breach in this page allows the User to view Template IDs created for other restricted Business Units, having security systems compromised, and not following the coherent functionality in the rest of the FSCM Application.

REPLICATION STEPS:

  - Log into the FSCM Online Application as User ID VP1
  - Navigate to: Resource Management > Define Templates > Service Order Template
  - Create a brand new Service Order ID GCS_SO_TEMPLATE under Business Unit US001
  - Navigate to: Set Up Financials/Supply Chain > Security > Security Options
  - Define the below settings:
       - User ID Level Security = Y
       - Business Unit = Y
  - Navigate to: Set Up Financials/Supply Chain > Security > Unit by User ID
  - Open existing User ID VP1
  - Make sure Business Unit US001 value is not present in the defined settings
  - Navigate to: Set Up Financials/Supply Chain > Security > Apply Security Setups
  - Create a new Run Control ID GCS, and launch the SEC_VIEWS AE Program, making sure it goes to Success
  - Log off from the Database
  - Log in once again into the FSCM Online Application as User ID VP1
  - Navigate to: Resource Management > Request Resources > Create Svc Order from Template
  - Confirm that Service Order Template ID GCS_SO_TEMPLATE is displayed under Business Unit US001
  - Try to select the created Template ID, and receive the Error Message

To gather more information concerning this scenario and its related problem, refer to the available Replication Steps Word Document here linked containing the complete configuration and the replication steps necessary to reproduce the issue.

ERROR MESSAGE:

   " User has no access to Business Unit US001. (6900,300)
     User has no access to Business Unit US001 hence cannot create Service Order from Template ID GCS_TEMPLATE. "

BUSINESS IMPACT:

The organization has hundreds if not thousands of Service Order Templates IDs in the FSCM Resource Management module, which has been enabled for Row Level Security at User ID level for Business Units. Whenever a User tries to create a new Service Order via the Template functionality, the system does not filter the results, which causes confusion to the User, who has to scroll endlessly through values he/she should not be able to even see or have access to. What should be a feature of easy and efficient data entry, is eventually found to be useless, and breaching the security implemented across the FSCM Application.

EXPECTED BEHAVIOR:

The Create Service Order From Template page (RS_SO_PICKTMPLT) should be modified so that the system only displays those Template ID values the User should have access to according to the Security Options enabled, whether those are by Row Level Security at User ID or Permission List level. Service Order Template IDs created on other Business Units the User does not have access should be automatically filtered out.
 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms