Security Workbench bug: Applying processing option security through security workbench unlocks version line level security

skeener

Member
Security Workbench bug: Applying processing option security through security workbench unlocks version line level security

We’ve had ongoing issues with users running batch jobs with data selection parameters that negatively impact our E1 production environment. In some cases, the result has been reduced system performance. In other cases, the result has been large volumes of incorrect data. One root cause factor is the lack of a valid option for completely locking down the interactive use of data selection parameters. We have broadly applied line level locking of data selection parameters, but creating enough versions to cover every possible combination of parameters is unmanageable and unrealistic. This means that we continue to require versions that have a combination of locked lines and unlocked lines that allow users to set their own data selection parameters, particularly the right operand. We’ve also considered implementing processing option security through the security workbench now available in Tools. The functionality available does provide some benefits, but has a major bug in that it will unlock the right operand in versions where line level security has been used to fully lock out a line.

We’ve requested a bug fix from Oracle that would ensure version line level security is not unlocked when processing option security is applied using security workbench. The response from Development stated that Data Selection security was intended to replace the old locking feature, therefore, they do not recommend combining them. Also, Development stated that this is the only request they have ever seen on the issue.

So, a few questions: 1) Has anyone else experienced this issue?; 2) Does anyone have recommendations on how to overcome the issue?; 3) Does anyone have interest in joining us if we continue to pursue a fix?


E1 8.12 (upgrading to 9.0)

Tools Release 8.98.2.4 (updgrading to whatever the latest and greatest is roughly six months from now)
 
Re: Security Workbench bug: Applying processing option security through security workbench unlocks version line level security

[ QUOTE ]
We’ve had ongoing issues with users running batch jobs with data selection parameters that negatively impact our E1 production environment. In some cases, the result has been reduced system performance. In other cases, the result has been large volumes of incorrect data. One root cause factor is the lack of a valid option for completely locking down the interactive use of data selection parameters. We have broadly applied line level locking of data selection parameters, but creating enough versions to cover every possible combination of parameters is unmanageable and unrealistic. This means that we continue to require versions that have a combination of locked lines and unlocked lines that allow users to set their own data selection parameters, particularly the right operand. We’ve also considered implementing processing option security through the security workbench now available in Tools. The functionality available does provide some benefits, but has a major bug in that it will unlock the right operand in versions where line level security has been used to fully lock out a line.

We’ve requested a bug fix from Oracle that would ensure version line level security is not unlocked when processing option security is applied using security workbench. The response from Development stated that Data Selection security was intended to replace the old locking feature, therefore, they do not recommend combining them. Also, Development stated that this is the only request they have ever seen on the issue.

So, a few questions: 1) Has anyone else experienced this issue?; 2) Does anyone have recommendations on how to overcome the issue?; 3) Does anyone have interest in joining us if we continue to pursue a fix?


E1 8.12 (upgrading to 9.0)

Tools Release 8.98.2.4 (updgrading to whatever the latest and greatest is roughly six months from now)

[/ QUOTE ]

Not sure if you are talking about new or old style data selection security but here's a blog article I wrote up for new style security:

http://jeffstevenson.karamazovgroup.com/2009/12/data-selection-security-in.html


Hope it helps...or at least doesn't hurt.
 
Re: Security Workbench bug: Applying processing option security through security workbench unlocks version line level security

This is good Jeff. Thanks for posting it.
 
Re: Security Workbench bug: Applying processing option security through security workbench unlocks version line level security

Jeff - Thanks for the information. We are trying to use both old style version row level security and new style data selection security.

The scenarios on your blog show only examples with one row in the data selection. We are interested in a solution that will allow different data selection security by row when there are multiple rows. For example, if we have a batch job/report with 2 rows, we may want the first row to be completely locked down while having just the right operand open on the second row. The old version row level security lets us lock down complete rows, although users can override this using the advanced button. The new data selection security lets us take the advanced button away. It also lets us control specific arguments within the rows, but applies to all rows and overrides any rows that we may have locked out using version row level security.

Our view is that it is a bug to have the new style data selection security override old styly version row level security. Oracle's view is that it's not a bug because users always had the ability to override row level security using the advanced button and because the 2 styles were not intended to be used together (although there was no documentation of this anywhere).

Just wondering if there's some way we haven't considered to meet the need without waiting for Oracle to deliver the enhancement.
 
Back
Top