The application in question is a WebCenter 11g in-house development project using ADF Business Components, JSF 2.0, and Facelets, and is being developed using JDeveloper 11g Release 2, version 11.1.2.4.0. The model project contains an Entity Object with many values for reviewing business projects. The view controller project contains a single page within a bounded task flow, which houses an input form referencing these values for creating and editing reviews. ADF Security features are enabled across the application. In the context of these reviews, intended functionality indicates one class of users can only edit certain "S.E." values, while other users can edit all values and create new reviews. To facilitate this, Entity Attribute-level security has been implemented for the reviews.
The review form renders correctly, with the exception of a small, random selection of the values' input elements (eight out of 40) that render as read-only/disabled only when editing an existing record, but have no issue when creating a new record. When testing using the AppModule testing functionality, the same results are observed: the same eight values can be edited by the test user only for new records, while all other values are editable for new and existing records.
The View Object and Entity Object Attributes for these values are all configured with the Updatable property set to Always. These values include some of the aforementioned "S.E." values, but not all of them - nor are all of the values at issue included within the "S.E." value group. The test user is set as an administrator for the application, an Application Role to which all Resource Entitlements are granted.
I've attempted changing the View Object and Entity Object Attributes' Updatable attributes to While New and Never, then switching them back to Always - confirming that the changes were made in the XML file with each switch. I've checked and rechecked the ADF Security configuration several times, and confirmed the security for each of those values is identical to that of the other values in the same form/Entity for which the issue does not occur. I've cleaned the application and rebuilt the projects (model and vc) individually before deploying to a freshly launched Integrated WebLogic Server; I've closed and relaunched JDeveloper before rebuilding and redeploying; I've even restarted the computer, as sometimes the nature of my enterprise causes odd issues with JDeveloper that are only resolved by a log out or restart of the entire system. I've also confirmed that the issue occurs on my coworker's machine.
Due to the nature of my environment, I cannot divulge explicit details of the application, and the following suggestions are unacceptable.
As it turns out, this issue was caused by an ADF Security/JDeveloper SNAFU. The Entity Attributes in question were renamed (refactored) at some point, and for some reason this change propagated to everything ... except the Attributes' permission configuration. The Attributes and all other references to them held the new names, but their Permission elements in the Entity XML file still held the old names. This was not apparent until reviewing the XML directly, as the JDeveloper UI for ADFBC Entities does not reflect the warning state shown in the XML editor. The solution, then, was to either disable and re-enable Attribute-level security for those Attributes or to manually adjust the Permission elements' parameters within the XML.