Restricting People Through Organization Security Profile (Doc ID 1591801.1)

Last updated on JUNE 27, 2016

Applies to:

Oracle Fusion Global Human Resources - Version 11.1.7.0.0 and later
Information in this document applies to any platform.

Symptoms

On: 11.1.7.0.0 version, HCM Common

ACTUAL BEHAVIOR
---------------
Data security profiles have been assigned to the users, but the users are able to view/access data outside the profile criteria.

Customer has created 2 data roles - one to access Employees belonging to UK Legal Employer and another to access Employees belonging to Swiss Legal Employer. The HR User who has been assigned the data role for UK Legal Employer is able to view employees belonging to the Swiss legal employer.

EXPECTED BEHAVIOR
-----------------------
The HR User who has been assigned the data role for UK Legal Employer should be able to view only employees belonging to the UK legal employer.


STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Define Organization Security Profiles
HR Swiss Org Security Profile: Secure by Org Classification = Legal Employer; Secure by Org Unit = Swiss LE - Include
HR UK Org Security Profile: Secure by Org Classification = Legal Employer; Secure by Org Unit = UK LE - Include

2. Define Person Security Profiles
HR Swiss Person Security Profile: Secure by Legal Employer = HR Swiss Org Security Profile
HR UK Person Security Profile: Secure by Legal Employer = HR UK Org Security Profile

3. Create the following data roles using the "Manage Data Roles and Security Profiles" task in Functional Setup Manager
HR Swiss Employees Data Role: Human Resource Specialist + HR Swiss Org Security Profile + HR Swiss Person Security Profile + View All profile for other objects
HR UK Employees Data Role: Human Resource Specialist + HR UK Org Security Profile + HR UK Person Security Profile + View All profile for other objects

4. Attach the above data roles to 2 distinct users in OIM
HRSPEC1 >> HR Swiss Employees Data Role
HRSPEC2 >> HR UK Employees Data Role

5. Login as HRSPEC2 and from Person Management, search for an employee belonging to the Swiss legal employer
6. The search results retrieve employees belonging to the Swiss legal employer
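
The check in steps 5 and 6 can be repeated as a regression test after any change to the profiles or roles. The following is an added example, not Oracle code and not part of the original note: a simplified Python model of the setup in steps 1 to 4 that flags search results outside a user's profile. The function names, the row layout and the sample rows are constructed for illustration, and treating a user's access as the union of all data roles held is an assumption of this model.

```python
# Added example: simplified model of steps 1-4, not Oracle Fusion code.

# Step 1: organization security profile -> legal employers included.
ORG_PROFILES = {
    "HR Swiss Org Security Profile": {"Swiss LE"},
    "HR UK Org Security Profile": {"UK LE"},
}
# Step 2: person security profile -> org profile used for "Secure by Legal Employer".
PERSON_PROFILES = {
    "HR Swiss Person Security Profile": "HR Swiss Org Security Profile",
    "HR UK Person Security Profile": "HR UK Org Security Profile",
}
# Step 3: data role -> person security profile.
DATA_ROLES = {
    "HR Swiss Employees Data Role": "HR Swiss Person Security Profile",
    "HR UK Employees Data Role": "HR UK Person Security Profile",
}
# Step 4: user -> data roles assigned.
USER_ROLES = {
    "HRSPEC1": ["HR Swiss Employees Data Role"],
    "HRSPEC2": ["HR UK Employees Data Role"],
}


def allowed_legal_employers(user):
    """Legal employers a user may see (assumption: union over all roles held)."""
    allowed = set()
    for role in USER_ROLES.get(user, []):
        allowed |= ORG_PROFILES[PERSON_PROFILES[DATA_ROLES[role]]]
    return allowed


def out_of_profile(user, search_results):
    """Rows returned to the user whose legal employer is outside the profile.

    An unknown user has an empty allowed set, so every row is flagged.
    """
    allowed = allowed_legal_employers(user)
    return [r for r in search_results if r["legal_employer"] not in allowed]


# Constructed sample: rows HRSPEC2 sees in Person Management (step 5).
OBSERVED = [
    {"person_number": "1001", "legal_employer": "UK LE"},
    {"person_number": "2001", "legal_employer": "Swiss LE"},
]

if __name__ == "__main__":
    for row in out_of_profile("HRSPEC2", OBSERVED):
        print("outside profile:", row["person_number"], row["legal_employer"])
```
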

BUSINESS IMPACT
-----------------------
The issue has the following business impact:
Due to this issue, the data security policies cannot be enforced as required.

Cause
