If "Full Auth for All Requesters" is not Selected for the User, the User can View Other Requesters' Details (Purchase Order, Receipt, Invoice, etc.)
(Doc ID 2862257.1)
Last updated on JULY 05, 2022
Applies to:
PeopleSoft Enterprise SCM eProcurement - Version 9.2 and laterInformation in this document applies to any platform.
Symptoms
If "Full Auth for All Requesters" is not selected for the User, the User can view other Requesters' Details (Purchase Order, Receipt, Invoice, etc.)
Note : The following User Details / Company Names / Addresses / Emails / Telephone Numbers / Etc. are fictitious (based upon made-up data used in the Oracle DEMO Environments), any similarity to actual persons, living or dead, is purely coincidental and not intended in any manner.
The issue can be reproduced at will with the following steps:
1. Navigate : Setup Financials/Supply Chain > common Definitions > User Preferences > Define User Preferences
2. Select BLOCHERTY
3. Click Requisition Authorizations
4. Uncheck Full Auth for All Requesters
5. Login VP1
6. Navigate : eProcurement > My Requisitions
7. Search requisitions
8. Click Details
9. Click any of the icon (Requisition, PO, Receiving, Payment, etc) in the Requisition Lifeline section
10. Copy the URL
11. Login BLOCHERTY
12. Paste the URL
Issue : System allows to see VP1 transactions
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |