It's incredible.. once again i felt ashamed of the product that we are introducing to the customer..
FDMEE 2.4 PSU210:
1) Create location "LOCNAME", for example - parent location.
2) Create location "LOCNAME_2", for example - children of "LOCNAME" location.
3) Setup security,turn on "enable security by locations", create hss groups like "fdmee_<location>_i5", add test user ONLY in "fdmee_LOCNAME_2_i5" with role for using data load workbench.
4) Check that test user have only access for "LOCNAME_2" location and doesn't have access for parent location "LOCNAME".
5) Add one more test native group, like "test_LOCNAME_test", WITHOUT ANY ROLES! ..just empty new group. Add ur test user in this group.
6) Relogin with ur test user! *Taa-daaaa-ms!* -> U Have FULL access for parent location "LOCNAME" !!!
FDMEE check location logic is: "find 1st underscore ("_") in groupname, find last underscore char.. the string between thoose under_score chars whill using as location name for futher security checks... ^_^
We have already opening SR with high severity, but this is terrible bug.. our customers have a lot of groups with different name with location names and under_scores.. i think it's fail for Oracle Development and Testing teams.. sorry, i'm sad.