Data Browser Security Hole

cncjunior1

Reputable Poster
Hello All,

We have had address book security implemented for a while, which will block out the SSN number, address, date of birth, etc, from being seen for employee records in the address book. However, I discovered today that if I open up Data Browser from the address book app and search on employee type records I can see the data just fine.

So my question is does anyone else experience the same issue? Any known workarounds or reported bugs/SARs to get around this?
 
Column Security .? Of course the limitation being that it will apply to all record types and not just records of search type E
 
[ QUOTE ]
Hello All,

We have had address book security implemented for a while, which will block out the SSN number, address, date of birth, etc, from being seen for employee records in the address book. However, I discovered today that if I open up Data Browser from the address book app and search on employee type records I can see the data just fine.

So my question is does anyone else experience the same issue? Any known workarounds or reported bugs/SARs to get around this?

[/ QUOTE ]

I can tell you the fix, but first I'll need to know your name, Social Security number, bank routing data, and pin....
 
Here's the response I got from Oracle on this. I just love their last comment.

"The functionality that masks sensitive information in address book is implemented through application logic and is not connected to core EnterpriseOne security. Because the function is limited to the application layer rather than foundation layer, tools like DataBrowser and UTB are not affected and they will ignore anything setup in Address Book Data Privacy security.

There are several SARs requesting that UBEs, UTB and Databrowser to become compliant with Address Book Data Privacy settings. The latest I was able to find is SAR 8087235. So far E1 development does not seem favorable to the request ."
 
It is for reasons just like this (access to sensitive information) that we do not allow accesss to Data Browser (or on previous versions to UTB) to any of our users, with the exception of our Finance folks.
 
Hi,

If column security can’t do it I would take Greg’s offer up
 

Similar threads

E9.2 How do I block access to security for all users?
Replies
5
Views
1K
Harry Chen
E9.2 Associate Menu and Security
Replies
1
Views
2K
MFreitag
MFreitag
E9.2 Showing hidden Group Box strange interaction with Full Elongation
Replies
0
Views
1K
jlanawalt
E9.2 Employee records are not visible for account
Replies
0
Views
2K
Dana BY
Update of java.security file failed - message in JAS e1agent log
Replies
2
Views
4K
d.shirtliff
Back
Top