0 Replies Latest reply: Feb 7, 2013 3:39 AM by 907665

    Catalog security on 11.1.1.6.6 Bug?

    907665
      Hello,
      I spotted the following behavior while configuring catalog security through Catalog Manager, and I want to know whether this is a bug or the intended behavior.

      1. Log in as the BIAdministrator user.
      2. Pick any folder and set permissions so that it's closed for the "authenticated user" role.
      3. Try to open that folder using your BIAdministrator user.


      What happens here is that, unlike all the previous versions, version 11.1.1.6.6 applies a most restrictive approach to the granted privileges, which means even though I have the biadmin role I can't open the folder, since my user has inherited the authentication user role as well. The problem here is that since one of my roles is denied, I can't even switch the folder back to its original condition, and thus I'm locked out of it.

      I've also tested 11.1.1.6.7 and it exhibited the same behavior, but it was upgraded from 11.1.1.6.6, which may mean that the catalog upgrade process may have impacted it as well.


      Going back to the release documents, I spotted this sentence, which only served to get me even more confused about the intended behavior: the sentence starts by talking about least restrictive, then goes on to describe most restrictive.

      --------
      http://docs.oracle.com/cd/E29505_01/bi.1111/e10543.pdf

      Page 250 D-16

      " If a user belongs to two application roles or Catalog groups and both are granted permissions, then the least restrictive permissions are given to the user.
      For example, if one application role allows Open access and another allows Modify access, then the least restrictive access would be granted; in this example, Open access."

      -----
      Is that the intended behavior? Did anybody come across similar behavior on their instances?