Skip to main content

Hi,

I am new to cloud and noticed that ScheduledDatabaseTasksHandling (Database Task Schedule windows) is fully granted to end users through  FND_WEBENDUSER_MAIN.

Excuse my silly question, but why ? I cannot see why an End User must access and create new Schedule Task, it is more an admin job for admin users.

In EE & Aurena, we are able to revoke this projection/ Presentation Object but not anymore with Cloud.

 

Can someone please clarify.

As a workaround, I know I can hide it through Navigator Designer but the projection is still granted …

 

Much appreciated 

 

@NMALKI we ended up duplicating the Permission Set and making adjustments to that copy.

We saw the same security issue you noted as well as access to Workflows.


Hi ​@NMALKI 

 

By this You can schedule any reports. And only reports because by default FND_WEBENDUSER_MAIN does not give You access to any additional Database Task.

I think this is useful and safe. Worse if You have access to all lobbie in 23R2 with FND_WEBENDUSER_MAIN

 

 


@knepiosko thanks but even schedule reports I see it within the admin role and not end users.

 


@PhillBronson thanks I will have probably to do the same 😀


Hi,

I am new to cloud and noticed that ScheduledDatabaseTasksHandling (Database Task Schedule windows) is fully granted to end users through  FND_WEBENDUSER_MAIN.

Excuse my silly question, but why ? I cannot see why an End User must access and create new Schedule Task, it is more an admin job for admin users.

In EE & Aurena, we are able to revoke this projection/ Presentation Object but not anymore with Cloud.

 

Can someone please clarify.

As a workaround, I know I can hide it through Navigator Designer but the projection is still granted …

 

Much appreciated 

 

Hello NMALKI,

Totally agree that this is way to much access for regular end users and the risk of anyone unintentionally (or intentionally) “tampering” with the DB Task Schedules is great. 

The description (in our verison 24R1 SU05) for Permission Set FND_WEBENDUSER_MAIN is “Basic role for end users of IFS Aurena. Contains framework functionality for end users” and there is nothing in an end users role that should require them to have access to CUD for “Database Task Scheduling (Projection: ScheduledDatabaseTasksHandling)

If the meaning is to give access to Projection: DatabaseTaskHandling, it is not part of Permission Set FND_WEBENDUSER_MAIN (in our verison 24R1 SU05).

I have raised an IFS SNOW case CS0420659 today and will keep this thread updated if there is any news related to this,

Br Hans


IFS By default considers most normal users to be able to create Scheduled Tasks, for two main reasons:

  1. Scheduled Reports as ​@knepiosko Mentioned
  2. Scheduled Options that are offered in some dialogs all over the application, such as
     


     

 

 

 

My Company, like many of yours, also considers Scheduling to be an Administration task, because generally speaking we don’t want users to be able to schedule Methods that may be extremely resource intensive for the server at random times (or worse, as duplicates of each other), and so we’ve also disabled that from our users, so that only an IFS Administrator can create a Schedule, at the right time, and ensure it isn’t a duplicate.

 

Note that we also ensure all of our Schedules are run as the IFSAPP User to avoid issues where a schedule suddenly stops working after an employee who had originally created it leaves the company, their account gets offboarded/disabled, and suddenly the Scheduled Task no longer runs properly, creating chaos for our Support Team where something that has been automated for like 2 years suddenly stops working and no one knows why.


Reply