Symptom
A user without delete permissions for Attachment for an Employee Central entity, is able to delete attachments.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SAP Successfactors Employee Central
Reproducing the Issue
- Proxy as a user without delete permissions for Attachments for an Employee Central Entity (e.g Personal Information).
- Navigate to the user's, for example, Personal Information page and select "Edit"
- The user can see the Trash Can / 'X' (delete/remove) icon and is able to delete the attachment.
Cause
This is the expected system behaviour.
Resolution
The Trash Can / 'X' (delete/remove) icon is still available in the edit mode. The Trash Can / 'X' (delete/remove) icon is not controlled by the Delete permission in RBP, and is considered an integral option of edit mode and is displayed in edit mode regardless of the whether the user has the delete permissions or not.
Keywords
Delete, Attachment, Without, Permissions , KBA , LOD-SF-EC-PER , Person Data (All Person Data Types) , Problem