SAP Knowledge Base Article - Public

2486574 - User can View Payment Information/ MDF Block Without Permission

Symptom

Users have permission to view their own MDF Block such as Payment Information only.
They do not have permissions to see other users Payment Information or MDF Info.
However they can still see the block with No Data in it for other users.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental

Environment

  • Metadata Framework
  • Employee Central - Metadata Framework
  • Employee Central - Payment Information

Reproducing the Issue

  1. Proxy as a user with ESS permissions for Payment Information only.
  2. Navigate to another users profile where you should not have permission to view the payment information portlet.
  3. You can still see the Payment Information Block although you can not see the data within the portlet.

Resolution

  • In PP3 instance the following is the expected behaviour.
    If you have defined the Payment Information block within a normal Section such as Personal Information in Configure People Profile:
    1.jpg

    You will always see the block regardless of whether you have permissions or not.
    Your permissions will be applied only to the data within the portlet not the portlet itself.
    This is expected behaviour.

    If you have defined the Payment Information block within its own Section (contains only Payment Information) in Configure People Profile:
    2.jpg

    You can restrict access to this block/section within the Employee Views section of the corresponding permission role:
    3.jpg

    If you wish for users to only have ESS permissions to this block, provided them with the permission to see the Payment Information Section.
    If you wish for them to not have permission for this block for other users then restrict this above permission in the required permission role which governs employees on everyone else.


Note:

If any user has view permissions for a custom block for themselves, the block will be visible for others users but the data will be restricted.
 
This will occur for custom blocks that are part of standard portlets. If the custom block is not part of a standard portlet, normal RBP behavior applies.

Keywords

Payment Information, Permissions, No Data, MDF block, People Profile 3, PP3, configure people profile, custom portlet, custom mdf, portlet , KBA , LOD-SF-EC-PAY , Payment Information (Bank Information) , LOD-SF-EC-MDF , MDF & EC2MDF Migration , LOD-SF-MDF , Metadata Framework , Problem

Product

SAP SuccessFactors Employee Central all versions ; SAP SuccessFactors HCM Core all versions