SETID Is Not Considered in GRIEVANCES_SRCH and Hence Row Level Security Is Not Enforced (Doc ID 2131678.1)

Last updated on APRIL 27, 2016

Applies to:

PeopleSoft Enterprise HCM Human Resources - Version 9.2 to 9.2 [Release 9]
Information in this document applies to any platform.

Symptoms

On : 9.2 version, Other

ACTUAL BEHAVIOR
---------------
The grievances component is supposed to enforce row level security by using the GRIEVANCES_SRCH view. Believe the intention was to use the BUSINESS_UNIT and DEPTID fields on the record GRIEVANCE record to achieve this. However, SETID is not considered at all in GRIEVANCES_SRCH and therefore, organisations like Deutsche Bahn who have the same DEPTID values setup under many SETIDs find that row level security does not work at all for those DEPTIDs. If DEPTID XYZ is setup under SETID 01 and 02, an employee that has access to DEPTID XYZ can see any grievance record that is tied to that department, regardless of the SETID. If SETID 01 represents Germany and 02 represents France, the employee can see both German and French employees who occupy DEPTID XYZ.

EXPECTED BEHAVIOR
-----------------------
Grievances component needs to enforce row level security by using GRIEVANCES_SRCH view.

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Go to App Designer>Open GRIEVANCES_SRCH view
2. If there are same DEPTIDs setup under different SETID, row level security is not enforced.
3. Employee that has access to DEPTID XYZ can see any grievance record that is tied to that department, regardless of the SETID


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms