Fusion Global HR: Enhancement Request - Assignment Level Security Need to be Tightened.
Last updated on SEPTEMBER 26, 2016
Applies to:Oracle Fusion Global Human Resources Cloud Service - Version 22.214.171.124.0 and later
Oracle Fusion Global Human Resources - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
3 main security issues:
- HR user can have access to an employee assignments which are out of his/her security profile scope.
- HR user can have access to an employee past assignment because he/she has access to a current assignment which is in his/her security profile scope // or the opposite way: HR user can have access to a newly created assignment not in his/her security profile scope, just because this user had access to past assignments of the employee.
- HR user can have access to personal assignment details of any employee in the world (using the hire process which detects duplicate).
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms