Symptom
Customer defined several company-sensitive custom fields in their job application template and configured read/write permissions for operators (recruiters, hiring managers, etc.) only. Candidates do not have permission to read/write on the configured custom fields. However, when the job requisition is closed, candidates are able to read the data for these company-sensitive fields.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP SuccessFactors Recruiting Management
Cause
The cause of the issue in the job application template was a configuration issue. Field overrides were set up to allow certain fields to be viewed publicly by candidates. However, this field override bypassed the field permissions for candidates. As a result, candidates were able to view the fields even after the requisition was closed, despite the fact that read/write permissions had not been defined. This oversight led to the unintended access of certain fields by candidates, highlighting the importance of carefully considering and testing all configuration changes to ensure they align with the intended permissions and access levels for users.
Resolution
Review the Job Application template and correct the field override.
Keywords
Field, Permission, Attribute, Override, Application, Override, rcm, recruiting, template, candidate, requisition , KBA , LOD-SF-RCM-APP , Applicants and Job Applications , Problem