Skip to main content
Kofax

User received email with subject Potential security violation: Action blocked

3024813

Question / Problem: 

A user received an email with a subject of 'Potential security violation: Action blocked'. The body of the email includes

The action: Approval was blocked for the following reason:
The email address of sender (UserA) is not the address of the invoice owner (UserB).

What does this mean? 

Answer / Solution: 

Example email:

From: MarkView <MarkViewProd@companyxyz.com>
Sent: Tuesday, November 10, 2020 10:00 AM
To: Smith, John <John.Smith@companyxyz.com>;
Subject: Potential security violation: Action blocked.

The action: Approval was blocked for the following reason:
The email address of sender (Jane.Doe@companyxyz.com) is not the address of the invoice owner (Sam.Jones@companyxyz.com).
The affected invoice is ACME (A12345).

Do not reply to this email, which was generated automatically.

 

This type of email is correctly sent when a user attempts to approve an invoice via email, that actually belongs to another user. In the example above, Jane Doe tried to approve via email for an invoice belonging to Sam Jones. 

You may need to:

  1. Confirm why that user tried to approve that invoice via email. Remember: only the user who currently owns the invoice within the MarkView workflow is permitted to approve it.
  2. Confirm the users exist in Oracle HR tables & MarkView tables, ensuring there are no variations between the email address the approver used to send the approval, and what is stored on the system. Note: you can examine the email address that is used for that approver, via the user's group/role output within the MarkView Support Tools.

If questions still remain, you can log a MarkView support case, uploading the details above, plus ...

  1. Provide the full .msg file containing the original approval email that the user, who approved via email, received. 
  2. Provide the full .msg file containing the email with the subject: Potential security violation.
  3. Run the following example query, modified based on the original email received, and the associated work item history, in the MarkView schema of the environment: 

select * from sf_workitem_info i, sf_workitem_property_values_v v

where i.WORKITEM_INSTANCE_ID = v.WORKITEM_INSTANCE_ID

and (upper(v.PROPERTY_VALUE) = 'JANE.DOE@COMPANYXYZ.COM' or

upper(v.PROPERTY_VALUE) = 'SAM.JONES@COMPANYXYZ.COM')

and i.ENQUEUED_TIMESTAMP > to_date('08-NOV-2020', 'DD-MON-YYYY');

 

NOTE: The "Potential security violation: Action blocked" are administration emails sent to the Administrators specified in the MVERP_MAINTENANCE_EMAIL_ADDRESS MarkView Preference. There is no option to customize such an administration email.

For the regular emails sent to an approver, when there are invoices pending their approval, customization of the message content is possible, but it would require an engagement with Kofax Professional Services.

Applies to:  

Product Version
MarkView for Oracle 9.1+

 

 

  • Was this article helpful?