FND_WEBENDUSER_MAIN ---> 'New DB Task Schedule' granted to End Users!
Hi,
I am new to cloud and noticed that ScheduledDatabaseTasksHandling (Database Task Schedule windows) is fully granted to end users through FND_WEBENDUSER_MAIN.
Excuse my silly question, but why ? I cannot see why an End User must access and create new Schedule Task, it is more an admin job for admin users.
In EE & Aurena, we are able to revoke this projection/ Presentation Object but not anymore with Cloud.
Can someone please clarify.
As a workaround, I know I can hide it through Navigator Designer but the projection is still granted …
Much appreciated
Page 1 / 1
@NMALKI we ended up duplicating the Permission Set and making adjustments to that copy.
We saw the same security issue you noted as well as access to Workflows.
Hi @NMALKI
By this You can schedule any reports. And only reports because by default FND_WEBENDUSER_MAIN does not give You access to any additional Database Task.
I think this is useful and safe. Worse if You have access to all lobbie in 23R2 with FND_WEBENDUSER_MAIN
@knepiosko thanks but even schedule reports I see it within the admin role and not end users.
@PhillBronson thanks I will have probably to do the same
Hi,
I am new to cloud and noticed that ScheduledDatabaseTasksHandling (Database Task Schedule windows) is fully granted to end users through FND_WEBENDUSER_MAIN.
Excuse my silly question, but why ? I cannot see why an End User must access and create new Schedule Task, it is more an admin job for admin users.
In EE & Aurena, we are able to revoke this projection/ Presentation Object but not anymore with Cloud.
Can someone please clarify.
As a workaround, I know I can hide it through Navigator Designer but the projection is still granted …
Much appreciated
Hello NMALKI,
Totally agree that this is way to much access for regular end users and the risk of anyone unintentionally (or intentionally) “tampering” with the DB Task Schedules is great.
The description (in our verison 24R1 SU05) for Permission Set FND_WEBENDUSER_MAIN is “Basic role for end users of IFS Aurena. Contains framework functionality for end users” and there is nothing in an end users role that should require them to have access to CUD for “Database Task Scheduling (Projection: ScheduledDatabaseTasksHandling)
If the meaning is to give access to Projection: DatabaseTaskHandling, it is not part of Permission Set FND_WEBENDUSER_MAIN (in our verison 24R1 SU05).
I have raised an IFS SNOW case CS0420659 todayand will keep this thread updated if there is any news related to this,
Br Hans
IFS By default considers most normal users to be able to create Scheduled Tasks, for two main reasons:
Scheduled Reports as @knepiosko Mentioned
Scheduled Options that are offered in some dialogs all over the application, such as
My Company, like many of yours, also considers Scheduling to be an Administration task, because generally speaking we don’t want users to be able to schedule Methods that may be extremely resource intensive for the server at random times (or worse, as duplicates of each other), and so we’ve also disabled that from our users, so that only an IFS Administrator can create a Schedule, at the right time, and ensure it isn’t a duplicate.
Note that we also ensure all of our Schedules are run as the IFSAPP User to avoid issues where a schedule suddenly stops working after an employee who had originally created it leaves the company, their account gets offboarded/disabled, and suddenly the Scheduled Task no longer runs properly, creating chaos for our Support Team where something that has been automated for like 2 years suddenly stops working and no one knows why.
