My Oracle Support Banner

ETL9.1:Hard Coded Roles For GETAPPROVERSBYTLSecurity User List (Doc ID 1357401.1)

Last updated on FEBRUARY 05, 2019

Applies to:

PeopleSoft Enterprise HCM Time and Labor - Version 9.1 and later
Information in this document applies to any platform.


When Time is submitted for an employee that is tied to an approval process definition (AWE Reported Time ) that users the GetApproversByTLSecurity User List, the system did not return valid approvers. It was found that not only the approver needed row security access to the employee but they also needed access to one of our delivered roles 'Manager' OR  'Time & Labor Administrator'.

There is Hard Coding of 'Manager' and 'Time & Labor Administrator' roles in the GetApproversByTLSecurity User List causing customers to customize the code associated with the user list as they cannot use their custom manager role.

Why has their been filtering done based on those roles? As per the customer the access should be controlled by row-level permission list access of the users.

Logic that should be used is:

1: For an employee identify all groups he is a member of
2: For all groups identify all permission list that have access to it.
3: Identify all users with the permission list above.

This is how the logic worked for 8.9 & 9.0 so customers don't feel the need for role filtering as their security should be able to restrict approvers returned for each employee.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.