2722840 - User Able to Delete Attachments Without Delete Permissions Using Delete Icon

A user without delete permissions for Attachment for an Employee Central entity, is able to delete attachments.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

SAP Successfactors Employee Central

1. Proxy as a user without delete permissions for Attachments for an Employee Central Entity (e.g Personal Information). 
2. Navigate to the user's, for example, Personal Information page and select "Edit"
3. The user can see the Trash Can / 'X' (delete/remove) icon and is able to delete the attachment.

This is the expected system behaviour.

The Trash Can / 'X' (delete/remove) icon is still available in the edit mode. The Trash Can / 'X' (delete/remove) icon is not controlled by the Delete permission in RBP, and is considered an integral option of edit mode and is displayed in edit mode regardless of the whether the user has the delete permissions or not.

Delete, Attachment, Without, Permissions , KBA , LOD-SF-EC-PER , Person Data (All Person Data Types) , Problem

SAP SuccessFactors Employee Central 1711 ; SAP SuccessFactors Employee Central 1802 ; SAP SuccessFactors Employee Central 1805 ; SAP SuccessFactors Employee Central 1808 ; SAP SuccessFactors Employee Central 1811