ETL9.1:Hard Coded Roles For GETAPPROVERSBYTLSecurity User List
Last updated on JULY 13, 2016
Applies to:PeopleSoft Enterprise HRMS Time and Labor - Version: 9.1
Information in this document applies to any platform.
When Time is submitted for an employee that is tied to an approval process definition (AWE Reported Time ) that users the GetApproversByTLSecurity User List, the system did not return valid approvers. It was found that not only the approver needed row security access to the employee but they also needed access to one of our delivered roles 'Manager' OR 'Time & Labor Administrator'.
There is Hard Coding of 'Manager' and 'Time & Labor Administrator' roles in the GetApproversByTLSecurity User List causing customers to customize the code associated with the user list as they cannot use their custom manager role.
Why has their been filtering done based on those roles? As per the customer the access should be controlled by row-level permission list access of the users.
Logic that should be used is:
1: For an employee identify all groups he is a member of
2: For all groups identify all permission list that have access to it.
3: Identify all users with the permission list above.
This is how the logic worked for 8.9 & 9.0 so customers don't feel the need for role filtering as their security should be able to restrict approvers returned for each employee.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms