Fluid ESS Personal Data Allows Access To Transactions Not Granted Via Security
Last updated on AUGUST 15, 2017
Applies to:PeopleSoft Enterprise HCM Human Resources - Version 9.2 to 9.2 [Release 9]
Information in this document applies to any platform.
On : 9.2 version, Job / Personal Information
Fluid ESS Personal Data allows access to transactions not granted via security
Fluid ESS Personal Data allows access to transactions on the left side navigation to which the user has not been granted access via security.
User can select any transaction and perform updates without security access to that transaction. This includes
Company does not allow access to all of these transactions for all employees. Access can vary by country, and therefore needs to be security driven.
Expect left side navigation to disappear for menus not given security access.
The issue can be reproduced at will with the following steps:
1. Go to PeopleTools>Security>Permissions>Copy Permission List HCCPSS2310 to a New Permission List.
2. Add this permission list to a role TEST
3. Remove e access to Contact Details, Marital Status, Name and Ethnic Groups and save.
3. Attach this role to employee HCRUSA_KU0130 after removing eprofile employee fluid role
4. Run Refresh SJT Processes under Setup HCM>Security>Core Row level security
5. Log in as employee HCRUSA_KU0130
6. You can still see Maritall status link on left side navigation.
7. If you remove Address from page permissions, and test again.
8. Personal tile disappears from fluid page.
The issue has the following business impact:
Due to this issue, users cannot complete fluid transactions.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms