AP: TIN Matching Inquiry Shows Rows To Unauthorized Users

(Doc ID 2421961.1)

Last updated on JULY 11, 2018

Applies to:

PeopleSoft Enterprise FIN Payables - Version 9.2 and later
Information in this document applies to any platform.

Symptoms

On : 9.2 version, General

ACTUAL BEHAVIOR
---------------
Users are shown information related to SetIDs that they were not authorized to access.


STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Set Security Options
  - Select User ID Level Security for Type of Security and Setid under Secured Fields
2. Define the Setid accessible by a user. In this example Setid defined for the user VP2 is SHR02.
3. Run Apply Security Setups
4. Logout and login as VP2
5. Test the changes by navigating to Supplier > Supplier Information > Maintain >TIN Matching Inquiry > Extract TIN Matching File
6. Click Look up for Setid
  - Notice that it is showing only SHR02 which is correct
7. Leave the Setid search parameter as blank
8. Click Search.
  - The result shows rows with Setid that was not defined for the user.



Changes

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms