ETL9.1:Hard Coded Roles For GETAPPROVERSBYTLSecurity User List (Doc ID 1357401.1)

Last updated on JULY 13, 2016

Applies to:

PeopleSoft Enterprise HRMS Time and Labor - Version: 9.1 and later   [Release: 9 and later ]
Information in this document applies to any platform.

Goal

When Time is submitted for an employee that is tied to an approval process definition (AWE Reported Time ) that users the GetApproversByTLSecurity User List, the system did not return valid approvers. It was found that not only the approver needed row security access to the employee but they also needed access to one of our delivered roles 'Manager' OR  'Time & Labor Administrator'.

There is Hard Coding of 'Manager' and 'Time & Labor Administrator' roles in the GetApproversByTLSecurity User List causing customers to customize the code associated with the user list as they cannot use their custom manager role.

Why has their been filtering done based on those roles? As per the customer the access should be controlled by row-level permission list access of the users.

Logic that should be used is:

1: For an employee identify all groups he is a member of
2: For all groups identify all permission list that have access to it.
3: Identify all users with the permission list above.

This is how the logic worked for 8.9 & 9.0 so customers don't feel the need for role filtering as their security should be able to restrict approvers returned for each employee.


Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms