Requester Has the Access to Use Another Requester's PCard Without Being A Proxy
Last updated on APRIL 17, 2017
Applies to:PeopleSoft Enterprise SCM Purchasing - Version 9.2 and later
Information in this document applies to any platform.
Requester has the access to use another Requester's PCard without being a Proxy.
A requester that has the authority to create requisition for a user but is not a proxy to that user's PCard, should not be able to access that user's PCard, but should be able create a requisition on behalf of the user.
The Proxy functionality should not be overridden by the Authority to create a requisition on behalf of another user in User Preferences.
The issue can be reproduced at will with the following steps:
1 - Create DEMOUSER profile
2 - Create requester setup for DEMOUSER
3 - DEMOUSER user preferences
4 - User VP5 is setup as an “Authorized Requester” for User DEMOUSER with the ability to Add, Update and Cancel requisitions on behalf of DEMOUSER
(User Preferences > Define User Preferences > Procurement > Requisition Authorizations > Requesters User Authorization)
5 - VP5 is not setup as a Procurement Card Proxy on DEMOUSER’s procurement card (Pcard). Only DEMOUSER is setup as a proxy on the card
6 - Login as DEMOUSER
7 - Create epro requisition
8 - Login as VP5
9 - VP5 copying requisition created by DEMOUSER
10 - Card number should not be accessible to VP5 (not a proxy on DEMOUSER’s pcard)
11 - Was able to save the requisition.
• Same scenario holds true when VP5 creates a new requisition on behalf of DEMOUSER
• VP5 is able to use DEMOUSER’s Pcard even though VP5 is not a proxy on DEMOUSER’s Pcard
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms