Employee Can View And Update Other Employees’ Data

(Doc ID 2240826.1)

Last updated on APRIL 20, 2017

Applies to:

Oracle Fusion Global Human Resources Cloud Service - Version and later
Information in this document applies to any platform.


On : Rel 11 version, Global Human Resources

User with only seeded Employee role attached is able to view and actually update other employees’ information via the Directory or Person Gallery. This includes viewing their salaries, adding absence records, managing their User Accounts, Personal Contributions etc.

Employee role to provide access to view own data.

The issue can be reproduced at will with the following steps:
1. Log in as an employee
2. Person gallery
3. Select a card of another employee
4.able to view and actually update other employees’ information

The issue has the following business impact: Security issue


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms