Forum Stats

  • 3,769,338 Users
  • 2,252,950 Discussions
  • 7,874,992 Comments

Discussions

APEX 20.2 Interactive Grid - Users can edit/delete each other's public reports

Niek van de Ven
Niek van de Ven Member Posts: 6 Green Ribbon

Hi,

One of our users has discovered that it is possible to change/rename/delete public reports that were created by other users. I'm not sure if this has always been the case for Interactive Grids or since our upgrade from APEX 18.2 to 20.2, but this shouldn't be possible.

According to the documentation:

9.6.8.4 Saving a Public Interactive Grid Report

"All users (that is, both end users and developers) can save a Public interactive grid. However, only the user who creates a Public interactive grid can save, rename, or delete it. Users who did not create the public report can view it and also have the option to make their own copy of it using the Save As option."

For Interactive Reports it does work correctly and only the one who made the public report can make changes to it. All Interactive Reports and Interactive Grids make use of the same authorization scheme.

Is this a bug in 20.2?

Regards,

Niek

Tagged:

Answers

  • Tony.A-Oracle
    Tony.A-Oracle Member Posts: 44 Employee

    I'm seeing the same behavior in 19.2 for IGs. I just went into someone else's public report and was able to remove a column and save it. I then asked a different user to view that public report and they saw the new definition. Seems like a bug to me, I wasn't logged into the app builder either.

  • Tony.A-Oracle
    Tony.A-Oracle Member Posts: 44 Employee

    Just tested on apex.oracle.com which is running 21.1, same issue. I created a new public report, had someone else log in and he removed all but one column and saved it. I refreshed my page and the report was indeed updated to the new format.

  • Niek van de Ven
    Niek van de Ven Member Posts: 6 Green Ribbon

    Hi @Tony.A-Oracle,

    I have also asked a colleague to test this on a different environment and he confirmed it's a bug as well.

    Can this be added to the known issues?

  • Tony.A-Oracle
    Tony.A-Oracle Member Posts: 44 Employee

    I'm trying to get some more information on another forum, if something comes of it I'll post it here.

  • Tony.A-Oracle
    Tony.A-Oracle Member Posts: 44 Employee

    Hey Niek - I got a reply from someone on the development team, here is what they said:


    A saved public report doesn't have an owner. It's similar to a Primary or Alternative Report which also doesn't have an owner. The only difference is that a public report is created by an end-user and Primary or Alternative Reports are created by developers. As long as an end-user has the privilege to save public reports, he is able to modify any public report, independent if he originally created that public report.

    I will add a note for our documentation team to update the misleading documentation.

  • InoL
    InoL Member Posts: 9,341 Gold Crown

    That is, IMHO, not a very good explanation. As Niek already said:

    For Interactive Reports it does work correctly and only the one who made the public report can make changes to it.

    Why is there a difference between IG and IR here? Shouldn't it work the same?

  • Tony.A-Oracle
    Tony.A-Oracle Member Posts: 44 Employee
    edited Aug 9, 2021 4:20PM

    I agree, I think the documentation is right and the behavior is wrong. I thought the same thing in regards to the differences between IG and IR. Documentation aside, the IG approach is counter-intuitive to me. Imagine working hard to customize a report, save it and then come back two days later to find the report completely different because someone else has changed the columns and edited the filters.

  • Niek van de Ven
    Niek van de Ven Member Posts: 6 Green Ribbon

    @Tony.A-Oracle I agree with InoL that it's weird that there is a difference between IGs and IRs then.

    1. Only the one who made the public report can edit/delete it (current situation for Interactive Reports)
    2. Public reports can be edited by all that have public reports saving rights (current situation for Interactive Grids)

    I would prefer situation 1 for both IGs and IRs, but both situations are OK for me. It should just be consistent across all report types, so we can inform our users how it works. They shouldn't need to know the technical differences between IRs and IGs.

    Imagine working hard to customize a report, save it and then come back two days later to find the report completely different because someone else has changed the columns and edited the filters.

    In situation 1, this would indeed not be a problem. In situation 2, for me, it's also not a problem, since you can always save it as a private report if it's only for yourself. In our case, only a few users have rights to save public reports and they can coordinate adjusting them, but it's difficult to explain that it works differently between report types.