Oracle APC (PLM) Security Issue in Item Catalog

Similar Messages

• Need API to Assign items to ICC in oracle APC

  Hi,
  In development instance i assigned items to a specific ICC using excel(EDI). There are more than 2000 items. We would like to automate it rather than uploading from excel while moving to UAT and PROD instances.
  I used EGO_ITEM_PUB.PROCESS_ITEMS. Before i process item using this API, i can find the item when i search for it in APC using "item search" with ICC as null or some other ICC. But when i process the item using this API i couldnt find the item in APC or not in ego tables.
  Can anyone please tell me if this is the correct API that am using.
  Thanks in Advance

  Have you reviewed (Change Item Catalog Category (ICC) Using EGO_ITEM_PUB.PROCESS_ITEMS API [ID 1152476.1]) and see if it helps?
  Thanks,
  Hussein

• Grouping issue vouchers items in an invoice

  Hi all
  I'm developing an inventory and sales system , I have a master detail form for issue vouchers issued to customers, the master block contains the columns voch_no (issue voucher no) and the customer_no from issheads table and the detail block contains voch_no, stock_code,quantity and price colums from isslines table.
  Each customer may have more than one issue voucher, and each issue voucher may have more than one item.
  I have another form, the invoice form (also a master detail just like the issue voucher).
  What i hope to do is when the user creates a new invoice for a specific customer, he shouldn't create the invoice items himeself, but he should select some issue vouchers that belong to that customer (better to be multi select), then the invoice items will be created automatically to get the sum(quantity) grouping a line for each item by stock_code,price.
  The issue voucher numbers related to each invoice should be saved in a table for later updating.
  my question is :
  1-Should i create a new table that contains all the nmbers of the issue vouchers related to the invoice no ?
  2- how can i handle this in forms builder ?, should i create a new form, or can i achieve this in the invoice form itself and how?
  Please help

  Thank you!
  You're probably right, I might be talking about a feature of the sistem I'm using. Actually I'm not sure if I have access to database but probably not, I work at Xerox in Brasil and would like to know a little bit more about Oracle, with out have to ask my boss all the time. I work with record receipts of different species have lost much time trying to find repeating items on invoices. Sometimes we have interface issues, some items don't go to WIS (warehouse information system) after it registers on Oracle, so we have the physical part but it's not in the report storage
  My boss once told me he would teach me a way to see items of an invoice (repeting or not) after it registers on Oracle, but he is too busy, so I'm trying to find out by myself. If it helps, the systems responsability is Oracle applications - OSPD and my security group is standart.
  I'm sorry if my english is not that good I feel that my words seem a little confusing to you...
  Did you understand what I mean? Hope you did, and hope you can help.
  Thanks once again for your interest in helping me I really aprecciate it.
  Regards,
  Maria Carolina.

• Supplier Item Catalog - search screen query ~ tends to take 10 - 12 secs

  I wanted to find out if any customer(s) out there has ever encountered this performance issue in the Supplier Item Catalog search screen. We setup an item catalog category using the supplier item but when we attempt to query on the item/supplier search, the search time takes up to 10 - 12 secs per find. Caveat, when you do search for the same item on the 2nd time; the return is alot quicker. It seems the parsing is the issue but we are still trying to figure a resolution to the performance factor. Thanks.

  Hi Hussein,
  Thanks for the reply back. Unfortunately, we tried to apply both patches (recommended patch (5404474) v. the previous patch(5567690) but it did not work . We actually have a TAR opened with Oracle support. I'd thought that with this Oracle forum site, other customers may have the similar performance issue and hopefully a recommended resolution. At this point, Oracle support mentioned the issue lies in the parsing segment of the query.

• Other web browsers and security issues?

  Since even an Apple KB article recognizes the need for an additional browser and because of Safari's limitations and problems, I'm going to try switching to another browser (most likely OmniWeb and am looking at Firefox, Shira and Opera also though perhaps not as a primary browser) but I'm wondering about their ability to keep on top of any security issues for Mac? (and how do you keep up with security updates?)
  Though perhaps unfounded, at least with Safari, I feel that Apple has a vested interest in keeping on top of security issues (for Safari and Java) and I can readily find out about security updates via software updater.

  Most of the other Mac browsers have their adherents. They are all good browsers (I have 7 browsers installed to test various web sites and for change-of-pace usage). They all have their strengths and they all have their weaknesses. Only iCab and OmniWeb are still shareware, the rest are now or always have been free (Opera just recently stopped charging for its browser).
  I have settled on Firefox as my alternate browser and I use it maybe just a tad more than Safari, but I do switch back and forth between them. The Mozilla foundation is good at getting security updates out when needed. Firefox has a button on the toolbar to check for updates. One nice thing about Firefox is that you can install free extensions which enhance the features available. I have one to supplement tab features, one to control iTunes from Firefox's status bar, one to help me format messages in discussion forums, and one to block ads.
  I prefer OmniWeb for doing intensive research because of the way it handles tabs in its sidebar, showing me which ones I've looked at and which ones I haven't, and giving me great flexibility in rearranging tabs, which are viewable as thumbnails or text names (I have had up to a hundred or so tabs open in OmniWeb.
  Shiira is good and its fast. I have not checked for updates for a while, but the last time I updated there was still a problem with Shiira kicking you out of logged-in sites when you moved from page to page with in web site. This may have been fixed by now - they were aware of the problem back then.
  Camino is a native OS X cousin of Firefox and is also fast, but is not updated as often.
  I would stay away from Mozilla or Netscape unless you need all the additional modules they have and which take up hard disk space. Firefox and Camino represent the browser module of Mozilla/Netscape. Mozilla and Netscape have modules for email, irc chat, newsgroups, and for creating and editing web pages. Netscape is a branded and slightly customized version of Mozilla and is not updated as often.
  Opera is a nice browser and some use it as their main browser, but I have not seen anything that really stands out for me, but that does not mean it is not worth a look.
  I would stay away from abandonware Internet Explorer.
  As for checking for updates, several of them, as with many Mac programs, now have a menu item that allows you to check for updates. Most of them also announce their updates on both VersionTracker and MacUpdate.
  Happy Exploring.

• Dynamic UI Shell & Security Issue - FYI

  Hi
  In Jdeveloper 11.1.1.4.0 when granting security to a role for the Dynamic UI Shell you could encounter the following issue.
  On the Resource Grants tab, select Resource Type = "Web Page" & ensure that "Show task flows imported from ADF libraries" is selected. The "dynamicTabShellDefinition" is available to grant access to a role.
  Change the Resource Type = "Task Flow". The blank task flow from the imported library should be visible in the Resource column, but is not.
  Running the page containing the UI Shell template will result in a Authorization error.
  To solve add the following code to the jazn-data.xml file within the tags of the role that you are granting access to the task flow;
  +<permission>+
  +<class>oracle.adf.controller.security.TaskFlowPermission</class>+
  +<name>/WEB-INF/oracle/ui/pattern/dynamicShell/infra/blank.xml#blank</name>+
  +<actions>view</actions>+
  +</permission>+
  I have tested this in version 11.1.2.0* and the task flow is shown in the Resource column of the wizard.
  Regards.
  Leon.

  Thanks a lot..
  Useful information

• Security issues for Discoverer 10g apps 12i

  gurus,
  I have couple of things to get it done at client.
  We are on Oracle Apps rel 12i with dicoverer 10g.
  Did anyone setup MOAC to be enabled and operational in business areas?
  Setting up secure responsibilities in discoverer for MOAC?
  Any setup needs to be done for custom report security in discoverer ?
  thx

  Hi,
  I did setup new MOAC security profiles and assigned multiple organizations to that profile for testing purpose.
  After this, I did run concurrent program "Security List Maintennce" etc...
  Tested Upding profile at user level or responsibility level.
  On APPS side fine.
  I need the some basic steps on setup of security issues for discoverer side.
  1) Business areas (any security steps need to be followed in order to access data for single or multi-org)
  2) Custom Reports ( any security setup or any moac security profile setting against responsibilty for accessing single or multi-org data)
  Since we dont have default operating unit parameter as specified in the concurrent program, how do you restrict data?
  3) Reconciling security approach r12 with discoverer (any steps need to be followed here after r12 configuration with security issues)
  4) Custom Views ( any steps to be followed for single or multi-org data as security aspect)
  Looking for info on these setups.
  Thx

• Oracle ERP Application Security

  One of my clients said he want to move Oracle ERP Applications to the Internet. So what security issues should I think about?

  you can find in oaug document...there are many posting

• Security issue - or not? (remote trigger SMC startup)

  Hi,
  During installation of a few zones on a Sol10U2 system today, I noticed that simply running an nmap scan on a freshly installed and booted zone would cause the SMC to start:
  Starting Solaris Management Console server version 2.1.0.
  endpoint created: :898
  Adding instance of solaris_providerpath
  Adding class Solaris_LocalFileSystem
  Adding class Solaris_Directory
  Adding class Solaris_Mount
  Adding class Solaris_UFS
  Adding class Solaris_HSFS
  Adding class Solaris_UFSMount
  Adding class Solaris_HSFSMount
  Adding class Solaris_LocalFSResidesOnExtent
  Compilation succeeded.
  Adding class Solaris_DiskDrive
  Adding class Solaris_DiskPartition
  Adding class Solaris_MediaPresent
  Adding class Solaris_LogicalDisk
  Adding class Solaris_PhysicalMedia
  Adding class Solaris_Disk
  Adding class Solaris_PhysicalPackage
  Adding class Solaris_RealizesExtent
  Adding class Solaris_RealizesDiskPartition
  Adding class Solaris_RealizesDiskDrive
  Adding class Solaris_DiskPartitionBasedOnDisk
  Adding class Solaris_DiskPartitionBasedOnFDisk
  Adding class Solaris_SCSIController
  Adding class Solaris_IDEController
  Adding class Solaris_MPXIOController
  Adding class Solaris_USBSCSIController
  Adding class Solaris_GenericController
  Adding class Solaris_SCSIInterface
  Adding class Solaris_MPXIOInterface
  Adding class Solaris_IDEInterface
  Adding class Solaris_ExtraCapacityGroup
  Adding class Solaris_MPXIOGroup
  Adding class Solaris_ControllerLogicalIdentity
  Adding class Solaris_MPXIOCtrlrLogicalIdentity
  Adding class Solaris_ControllerComponent
  Adding class Solaris_MPXIOComponent
  Adding class Solaris_StorageLibrary
  Compilation succeeded.
  Adding class CIM_ManagedElement
  Adding class CIM_SettingData
  Adding class CIM_Share
  Adding class CIM_FileShare
  Adding class CIM_NFSShare
  Adding class CIM_SharedElement
  Adding class CIM_HostedShare
  Compilation succeeded.
  Adding class Solaris_NFSShare
  Adding class Solaris_NFSShareSecurity
  Adding class Solaris_NFS
  Adding class Solaris_PersistentShare
  Adding class Solaris_MountSetting
  Adding class Solaris_NFSMountSetting
  Adding class Solaris_ShareSetting
  Adding class Solaris_NFSShareSetting
  Adding class Solaris_ShareService
  Adding class Solaris_MountService
  Adding class Solaris_NFSMount
  Adding class Solaris_NFSShareSecurityModes
  Adding class Solaris_NFSShareDefSecurityMode
  Adding class Solaris_HostedShare
  Adding class Solaris_PersistentShareConfiguration
  Adding class Solaris_PersistentShareForSystem
  Adding class Solaris_NFSShareEntry
  Adding class Solaris_SharedElement
  Adding class Solaris_NFSExport
  Adding class Solaris_SharedFileSystem
  Compilation succeeded.
  Adding instance of solaris_providerpath
  Adding instance of solaris_providerpath
  Adding class Solaris_VMStateDatabase
  Adding class Solaris_VMSoftPartition
  Adding class Solaris_VMExtent
  Adding class Solaris_VMStripe
  Adding class Solaris_VMConcat
  Adding class Solaris_VMMirror
  Adding class Solaris_VMRaid5
  Adding class Solaris_VMTrans
  Adding class Solaris_VMHotSparePool
  Adding class Solaris_VMDiskSet
  Adding class Solaris_VMStorageVolume
  Adding class Solaris_VMConcatComponent
  Adding class Solaris_VMDriveInDiskSet
  Adding class Solaris_VMExtentBasedOn
  Adding class Solaris_VMSoftPartComponent
  Adding class Solaris_VMExtentInDiskSet
  Adding class Solaris_VMHostInDiskSet
  Adding class Solaris_VMHotSpareInUse
  Adding class Solaris_VMHotSpares
  Adding class Solaris_VMMirrorSubmirrors
  Adding class Solaris_VMRaid5Component
  Adding class Solaris_VMStatistics
  Adding class Solaris_VMStripeComponent
  Adding class Solaris_VMTransLog
  Adding class Solaris_VMTransMaster
  Adding class Solaris_VMUsesHotSparePool
  Adding class Solaris_VMVolumeBasedOn
  Adding class Solaris_DiskIOPerformanceMonitor
  Compilation succeeded.
  Adding instance of solaris_providerpath
  Adding class Solaris_ActiveUser
  Adding class Solaris_ActiveProject
  Adding class Solaris_ProcessStatisticalInformation
  Adding class Solaris_UserProcessAggregateStatisticalInformation
  Adding class Solaris_ProjectProcessAggregateStatisticalInformation
  Adding class Solaris_ProcessStatistics
  Adding class Solaris_ActiveUserProcessAggregateStatistics
  Adding class Solaris_ActiveProjectProcessAggregateStatistics
  Compilation succeeded.
  Registration setup: 8/8 (Executing SUNWpmgr_reg.sh)
  Registering components: 64/64 (Registering PatchMgrCli.jar)                 er)
  Solaris Management Console server is ready.For interest, the nmap result is:
  toby@deepthought ~ $ nmap -v 192.168.1.122
  Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-08-29 20:39 EDT
  DNS resolution of 1 IPs took 0.23s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
  Initiating Connect() Scan against 192.168.1.122 [1672 ports] at 20:39
  The Connect() Scan took 44.49s to scan 1672 total ports.
  Host 192.168.1.122 appears to be up ... good.
  Interesting ports on 192.168.1.122:
  (The 1662 ports scanned but not shown below are in state: closed)
  PORT     STATE SERVICE
  21/tcp   open  ftp
  22/tcp   open  ssh
  23/tcp   open  telnet
  79/tcp   open  finger
  111/tcp  open  rpcbind
  513/tcp  open  login
  514/tcp  open  shell
  898/tcp  open  sun-manageconsole
  4045/tcp open  lockd
  7100/tcp open  font-service
  Nmap finished: 1 IP address (1 host up) scanned in 44.874 seconds(port 7100 is actually a non-standard VNC server which was carried over from the global zone)
  Of course, this is immediately before running Solaris Security Toolkit (jass) to apply a secure profile.
  Does it matter that this SMC startup can be triggered so easily remotely?

  It just struck me odd that simply port-scanning the
  machine could produce this behaviour, and I wonder if
  it might be a security issue.Probably not directly. Sun has distributed several items in the past that launch via inetd connections (calendar manager and font server were two common ones). Just because it launches doesn't mean it's a security problem. The application itself may require authentication after running.
  Of course the resources required by the process may be non-trivial, and the application may have security issues, but the fact that it launches isn't a direct indication of a problem.
  Darren

• Creating Item Catalog Category  in Product Information Management(PIM)

  Hi all,
  I am new to oracle apps R12. now i am working on Product Information Management(PIM) module in R12. I want to create a new Item catalog category(ICC) under the root item catalog. It was used to adding my new items in the hierarchy. I could able to create new item in PIM , but could not able to create a new Item catalog category(ICC).
  Please help How create a new Item catalog category in PIM.
  Thanks
  Prab

  Did you followed complete steps like
  1. Development Manager > Setup Workbench
  2. Select from list Product
  3. Click on Sub-Task "Categories"
  4. Click on Task Categories
  5. Click on Sub-Task "Create Category"
  6. Choose from LOV for Flex Category "Product Categories".
  7. Select Continue
  8. Fill fields and select "Apply" butto
  regards

• Oracle Business Intelligence Security: Error Suppression

  Hello All,
  I have OBI set up with a front end so users can access data. The users constitute of management teams & certain senior management people.
  This is an out-of-box deployment. The web security assessment for the application revealed that improper query strings result in breaking the report/code & displaying the detailed error messages. Although the error messages do not show physical db details, the presentation layer metadata attributes does get on the screen.
  I understand that the underlying info may be accessible using OBIEE Answers. Hence, I need your opinions & suggestions on the following concerns:
  1. How could these messages be suppressed completely?
  2. What attack vectors do I need to be cover in case there is no solution for error suppression?
  Please suggest.
  Thanks.
  Edited by: user473814 on Apr 14, 2009 2:20 AM

  I am not sure why your Web Security Team thinks that "detailed error messages" are a security issue. I would question that to be honest. In a standard Web Application "detailed error messages" are a security threat if they reveal things like physical DB names, physical table names, physical column names etc. as this could assist an attacker in targetting the physical DB. In the OBIEE case all the "detailed error messages" show is logical SQL which doesn't really show any physical SQL details. The conversion between logical SQL and physical SQL is done inside the BI Server so it's not exposed. The connection to the BI Server can be restricted to be only allowed from your Presentation Services Server so it's protected.
  In any case you are dealing with a third party tool here. You shouldn't try to amend it. If your company finds any security issues you should raise an SR with Oracle Support and get them to fix it.

• Severe Security Issue with Sharing Permissions and Windows

  I recently discovered a severe Security issue with the windows sharing an permission settings:
  I have two users, an admin user and a parental controlled user. On my mac mini, i have a external harddrive connected. On the harddrive, i have three folders, Itunes, Iphoto (Package) and a Temp Folder. I want to share the Harddrive RW for the admin, but only R for the parental user. But the Temp folder should be accessible for RW for the parental as well.
  1. I set the Drive checkbox "ignore ownership" off.
  2. I set the permissions of the drive to admin RW, parental R and Everyone to "no access"
  3. I apply to enclosed Items
  4. I set the permission of the Temp folder to admin RW, parental RW and Everyone to "no access"
  5. I apply to enclosed Items
  6. I go to "File Sharing" in the Preferences and activate SMB sharing for both users
  7. I delete all previous shares
  8. I add the Disk and use the proposed permissions which are admin RW, parental R, Everyone "no access"
  9. I add the Temp folder and use the proposed permissions which are admin RW, parental RW, Everyone "no access" - Funny, there is a new Group called "Temp" created which has custom access on both sharepoints
  10. I connect to the mac over a Windows machine (NTLM auth set appropriatly). Now I try to create a folder on the root of the Disk share, I get a denied message.
  BUT WHEN I GO INTO A SUBFOLDER (eg. ITUNES or IPHOTO), WHICH HAS ALSO JUST "R" PERMISSION FOR THE PARENTAL USER, I AM ABLE TO RW, DELETE AND DO EVERYTHING!!!
  TO RECAPITULATE: THE SHARING PERMISSIONS ARE "R", AND THE FILE PERMISSIONS IN THE RESPECTIVE FOLDERS FOR THE RESPECTIVE USER ARE ALSO JUST "R". BUT THE USER CAN DO EVERYTHING IN THE SUBFOLDERS!!!

  I recently discovered a severe Security issue with the windows sharing an permission settings:
  I have two users, an admin user and a parental controlled user. On my mac mini, i have a external harddrive connected. On the harddrive, i have three folders, Itunes, Iphoto (Package) and a Temp Folder. I want to share the Harddrive RW for the admin, but only R for the parental user. But the Temp folder should be accessible for RW for the parental as well.
  1. I set the Drive checkbox "ignore ownership" off.
  2. I set the permissions of the drive to admin RW, parental R and Everyone to "no access"
  3. I apply to enclosed Items
  4. I set the permission of the Temp folder to admin RW, parental RW and Everyone to "no access"
  5. I apply to enclosed Items
  6. I go to "File Sharing" in the Preferences and activate SMB sharing for both users
  7. I delete all previous shares
  8. I add the Disk and use the proposed permissions which are admin RW, parental R, Everyone "no access"
  9. I add the Temp folder and use the proposed permissions which are admin RW, parental RW, Everyone "no access" - Funny, there is a new Group called "Temp" created which has custom access on both sharepoints
  10. I connect to the mac over a Windows machine (NTLM auth set appropriatly). Now I try to create a folder on the root of the Disk share, I get a denied message.
  BUT WHEN I GO INTO A SUBFOLDER (eg. ITUNES or IPHOTO), WHICH HAS ALSO JUST "R" PERMISSION FOR THE PARENTAL USER, I AM ABLE TO RW, DELETE AND DO EVERYTHING!!!
  TO RECAPITULATE: THE SHARING PERMISSIONS ARE "R", AND THE FILE PERMISSIONS IN THE RESPECTIVE FOLDERS FOR THE RESPECTIVE USER ARE ALSO JUST "R". BUT THE USER CAN DO EVERYTHING IN THE SUBFOLDERS!!!

• Error oracle.apps.xdo.security.ValidateException

  Hi,
  When trying to login in the BI Publisher, I am getting the following error:
  oracle.apps.xdo.security.ValidateException
  The username and password are correct and the xmlpserver is running. I am using the OC4J application server. Any ideas please?
  Thanks
  Marija

  I believe there is some problem with the BI Server security. Try changing the security to XDO in xmlp-server-config.xml file. I have blogged about it here http://oraclebizint.wordpress.com/2007/11/06/oracle-bi-publisher-and-bi-ee-invisible-admin-tab/. Though the blog entry was for some other issue but this should help you in changing the security.
  Thanks,
  Venkat
  http://oraclebizint.wordpress.com

• Security Issues with workbook

  Hello All,
  When I log into discoverer with some responsiblity "a" i am able to see the output of the particular workbook.
  But when the same work book ran by other user with differnet responsbility "b" and with with same parameters , he is geting the message as "'The query caused no data to be returned" .
  There seems to be some security issues. Can any one kindly explain the process why the user is not able to view the output. In order to overcome this what are the actions i need to do.
  Thanks for your support.
  Best Regards,
  Kumar.

  Hi,
  I assume that you are using Oracle Applications and that the user is connecting with a different apps responsibility.
  In Discoverer, security can be applied at 4 levels; in the workbook, in the EUL, in views and using VPD. Application 11i security is mostly applied through views.
  Now, the security applied depends on the Apps module. GL, AP/AR, PO and FA all have different mechanisms for applying security. Mostly the security applied will be determined by security profiles set up for the responsibilities. But for example, GL, also uses row based (procedural) security based on the flexfield security rules in some of the GL views. If you are using a custom responsibility you will need to ensure that all the security profiles are set up for this responsibility.
  So your first step is to look at what view(s) are used in the report. Then determine which security profiles are checked by this view. So if it is a GL view you need to check the 'GL Set of Books Name' profile is defined for that responsibility.
  Without knowing which modules you are using, which version of Oracle Applications or whether you have custom or seeded responsibilities it is difficult to know why your report does not return data for the responsibility.
  Rod West

• Security issues with XMLDB.

  Good afternoon, everyone.
  I have a question concerning the security issues of using http service of XMLDB..
  I'm going to set the http port of XMLDB on my production database so I can call
  remote jobs on machines that have the Scheduler Agent installed. (http://docs.oracle.com/cd/B28359_01/server.111/b28310/schedadmin003.htm)
  My question is, what kind of security threats I have to be aware of by opening the xmldb http service port?
  Is there any article or documentation that could help me in this subject?
  Thanks for the patience.
  Regards, Leandro Freitas.

  It depends.
  Generally speaking we think in terms of a DMZ: demilitarized zone. Is the access being made by from a server protected by a firewall or is the Oracle server visible to the world via a piece of copper?
  Fill in the details, and your version number, or we truly can not help you.