EGL: Journal Source Security Pages Do Not Respect When Row Level Security Is Turned On for Business Unit (Doc ID 3000684.1)

Last updated on FEBRUARY 01, 2024

Applies to:

Symptoms

The Journal Source Security BU page and Journal Source Security Role page do not respect when Row Level Security is turned on with Permission List Level Security and the secured fields are Business Unit and SetID. Users are able to see Business Units that they are not setup to have access to on the Journal Source Security BU page and the Journal Source Security Role page.

STEPS
1. Set Up Financials/Supply Chain > Security > Security Options page setup:
    a. Type of Security = Permission List Level Security
    b. Secured Fields = Business Unit and SetID
2. On the Business Unit Security by Permission List page, add:
    a. Primary Permission List = ALLPAGES (User ID VP1 is setup with this Permission List)
    b. Business Unit = US001 
3. On the TableSet Security by Permission List page, add:
    a. Primary Permission List = ALLPAGES
    b. SetID = SHARE
4. TableSet Controls page setup for Set Control Value = US001 / FS_11 = SHARE  
5. TableSet Controls page setup for Set Control Value = US003 / FS_11 = US003
6. On the Journal Source Security by SetID page, add SetID = SHARE and US003
7. On the Journal Source page, add:
    a. SetID = US003
    b. Source = ONL
8. On the Journal Source Security BU page, add:
    a. Business Unit = US003
    b. Click the Add Journal Source link
    c. Check the Select box for ONL
    d. Save the page
9. On the Journal Source Security BU page, add:
    a. Business Unit = US001
    b. Click the Add Journal Source link
    c. Click the Select All/Deselect All link
    d. Save the page
10. On the Journal Source Security Role page, add:
      a. Role Name = ACM Administrator (User ID VP1 is setup with this Role Name)
      b. Business Unit = US001
11. PeopleTools > Security > User Profiles > User Profiles > General page setup:
      a. User ID = VP1
      b. Under the Permission Lists section, ALLPAGES is specified in all of the fields
      c. On the User Profiles > Roles page, one of the User Roles is Role Name = ACM Administrator
12. Run Apply Security Setups
13. Log in as VP1/VP1
14. Display the Journal Source Security BU > Find an Existing Value page
      a. Click the magnifying glass
      b. Look Up Business Unit page only displays Business Unit = US001 -- this is correct
15. Display the Journal Source Security BU > Find an Existing Value page
      a. Click Search
      b. Search Results displays Business Units of US001 and US003 -- displaying Business Unit = US003 is incorrect
      c. Select US003
      d. The Journal Source Security by BU page displays information for Business Unit US003 -- this is incorrect since VP1 does not have access to Business Unit US003
16. Display the Journal Source Security by Role page for Role Name = ACM Administrator
      a. Click the + sign
      b. Click the magnifying glass for Business Unit
      c. On the Look Up Business Unit page, Business Unit US003 is being displayed even though VP1 only has access to US001
      d. Select US003
      e. Save the page
17. Re-display the Journal Source Security by Role page for Role Name = ACM Administrator
      - Business Unit US003 is displayed -- this is incorrect since VP1, which has the Role Name = ACM Administrator, only has access to Business Unit US001

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.