OTBI Security Risk - Seeded Reports Without User Security & OTBI Access for Employees
Summary
OTBI Security Risk - Seeded Reports Without User Security & OTBI Access for EmployeesContent
Hi All,
We have recently discovered that seeded Oracle reports do not use User Security to generate the results, therefore anyone who has access to “Reports and Analytics” in Oracle Fusion is able to generate data that they should not have access to. After some testing, we have discovered that even basic Employee User Account has access to Reports and Analytics. Since then we have hidden the link to Reports and Analytics so that employees or managers cannot access the reporting module via Navigator. However, if an employee or a manager inadvertently stumbled upon the direct link to Reports and Analytics or