We have some accounting data in the database and do not want all users to be able to see the data for a specific company. So I created two objects . In the first I put the condition where company!=xxxxx (the restricted company) and made this object public. Then I created another object with the condition company=xxxxx and changed the Object Security Level to a Confidential. Only the users who can access the data for the specific company have the privileges of seeing the objects with Confidential Object Security Level. Everything seems fine or atleast it seemed so till, I just received a call from the user. He logged on as the special user(with higher privileges) and ran a report containing the critical data. Now he logged on as a normal user. He is not able to see the objects with higher privileges and that is as it should be. But then he ran the same report now and he was able to see the data,which sure is as he called “DANGEROUS”.
Can someone tell me a better way of incorporating the security. And if Users who do not have higher privileges can run reports containing objects with Higher security level…I wonder what the security really is for…OR am I missing something.
We need to fix this by monday and so immediate help will be really appreciated
thanks
guna
Listserv Archives (BOB member since 2002-06-25)