Last updated on AUGUST 10, 2016
Applies to:Oracle Fusion Goal Management - Version 22.214.171.124.0 and later
Oracle Fusion Goal Management Cloud Service - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
On : 188.8.131.52.0 version, Manage Worker Performance-Manage Goals
IPA: Security issue: HR Specialist Role able to search the person goals of other organizations
Customer has defined organization and person security profiles to restrict the data access based on the department tree structure. Data roles have been defined based on the security profiles and assigned to the users. The user who has been assigned the data role is able to view the goals of a worker who belongs to a department which is not part of the tree. The security is working as intended in other applications such as Performance, but not working in the Goals UI.
Expect that the user should not be able to view the workers who have a department assigned which is not part of the department tree used in the security
The issue can be reproduced at will with the following steps:
1. Navigate to Goals > Administer Goals
2. Search for the worker who has a department assigned which is not part of the department tree used in the security profile
3. The search results show the goals of the worker
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms