SETID Is Not Considered in GRIEVANCES_SRCH and Hence Row Level Security Is Not Enforced
(Doc ID 2131678.1)
Last updated on JULY 22, 2020
Applies to:PeopleSoft Enterprise HCM Human Resources - Version 9.2 to 9.2 [Release 9]
Information in this document applies to any platform.
On : 9.2 version, Other
The grievances component is supposed to enforce row level security by using the GRIEVANCES_SRCH view. Believe the intention was to use the BUSINESS_UNIT and DEPTID fields on the record GRIEVANCE record to achieve this. However, SETID is not considered at all in GRIEVANCES_SRCH and therefore, organisations like Deutsche Bahn who have the same DEPTID values setup under many SETIDs find that row level security does not work at all for those DEPTIDs. If DEPTID XYZ is setup under SETID 01 and 02, an employee that has access to DEPTID XYZ can see any grievance record that is tied to that department, regardless of the SETID. If SETID 01 represents Germany and 02 represents France, the employee can see both German and French employees who occupy DEPTID XYZ.
Grievances component needs to enforce row level security by using GRIEVANCES_SRCH view.
The issue can be reproduced at will with the following steps:
1. Go to App Designer>Open GRIEVANCES_SRCH view
2. If there are same DEPTIDs setup under different SETID, row level security is not enforced.
3. Employee that has access to DEPTID XYZ can see any grievance record that is tied to that department, regardless of the SETID
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document