In some Express instances or Express instances converted to Enterprise instances, administrators who inadvertently or deliberately have deleted a base system (out-of-box) system table or column cause missing ACLs, which makes the instances vulnerable to data loss.

For example, suppose an instance administrator accidentally hits the Delete function while on the task table. The task table is deleted or columns drop all the data within the columns and all extended child tables.

Affected Express Instances:
- Fuji versions earlier than Fuji Patch 4 Hotfix 6

Affected Enterprise Instances:
- Any version that was converted from Express before Fuji Patch 4 Hotfix 6

Steps to Reproduce

  1. Log in as an Administrator on an Express instance or a sub-production Enterprise instance converted from an Express instance that was on Fuji versions prior to Fuji Patch 4 Hotfix 6 at the time of conversion.

  2. Navigate to System Definition > Dictionary.

  3. Filter on:

    • Table = Task
    • Type = Collection
  4. Click to open the record.

    Note the Delete Table button on the dictionary entry form but do not click it.

    The Delete Table button can be used to delete the instance critical table but it should not be available on any base system table, only on custom customer tables.




Express Workaround

Upgrade to at least Fuji Patch 4 Hotfix 6 or a later release.

Enterprise Workaround

  1. Do one of the following:
    • Go to sys_security_acl list view.
    • Click Access Control (ACL) in the navigation bar.
  2. Filter for sys_id = 739a02cf0a0a0b180173dee0423966b8.
    This ACL on the sys_dictionary table on a delete operation allows access only on the admin role.
  3. Activate the ACL by checking Active.
  4. Click Update.

Related Problem: PRB641815

Seen In

Fuji Patch 4 Hot Fix 1

Fixed In

Fuji Patch 8 Hot Fix 1
Fuji Patch 9

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2016-05-09 21:29:47