Fusion Goal Management: HR Specialist role able to search the goals of the person outside the security profile criteria
(Doc ID 1966397.1)
Last updated on JANUARY 22, 2018
Applies to:Oracle Fusion Goal Management - Version 220.127.116.11.0 and later
Oracle Fusion Goal Management Cloud Service - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
On : 22.214.171.124.0 version, Manage Worker Performance-Manage Goals
IPA: Security issue: HR Specialist Role able to search the person goals of other organizations
Customer has defined organization and person security profiles to restrict the data access based on the department tree structure. Data roles have been defined based on the security profiles and assigned to the users. The user who has been assigned the data role is able to view the goals of a worker who belongs to a department which is not part of the tree. The security is working as intended in other applications such as Performance, but not working in the Goals UI.
Expect that the user should not be able to view the workers who have a department assigned which is not part of the department tree used in the security
The issue can be reproduced at will with the following steps:
1. Navigate to Goals > Administer Goals
2. Search for the worker who has a department assigned which is not part of the department tree used in the security profile
3. The search results show the goals of the worker
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!