Fusion Goal Management: HR Specialist role able to search the goals of the person outside the security profile criteria (Doc ID 1966397.1)

Last updated on AUGUST 10, 2016

Applies to:

Oracle Fusion Goal Management - Version 11.1.9.2.0 and later
Oracle Fusion Goal Management Cloud Service - Version 11.1.9.2.0 and later
Information in this document applies to any platform.

Symptoms

On : 11.1.8.0.0 version, Manage Worker Performance-Manage Goals

ACTUAL BEHAVIOR
---------------
IPA: Security issue: HR Specialist Role able to search the person goals of other organizations

Customer has defined organization and person security profiles to restrict the data access based on the department tree structure. Data roles have been defined based on the security profiles and assigned to the users. The user who has been assigned the data role is able to view the goals of a worker who belongs to a department which is not part of the tree. The security is working as intended in other applications such as Performance, but not working in the Goals UI.

EXPECTED BEHAVIOR
-----------------------
Expect that the user should not be able to view the workers who have a department assigned which is not part of the department tree used in the security

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Navigate to Goals > Administer Goals
2. Search for the worker who has a department assigned which is not part of the department tree used in the security profile
3. The search results show the goals of the worker


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms