SAP Knowledge Base Article - Public

2936426 - Deductions Portlet visible without permission

Symptom

Employees are able to see Deduction section of other employees without permission

Environment

SAP SuccessFactors Employee Central

Reproducing the Issue

  1. Proxy in as an employee without permission to Deduction section
  2. Search for any employee in the organization
  3. Access Employee profile
  4. Recurring deduction and non-recurring deduction portlets are visible

Cause

When the subject user is in the logged in user’s Target population AND the logged in user has the permission “Access to non-secured objects” AND the following Deductions objects are non-secured, then the logged in user can view the subject user’s Deductions. The related Deduction objects are: OneTimeDeduction, OneTimeDeductionUserGO, OneTimeDeductionProxyGO.

Resolution

To resolve the issue, either of the following RBP settings should be adopted:

The logged in user should not have the permission “Access to non-secured objects” when the above-mentioned Deductions objects are non-secured

OR

The Deductions objects should be secured so that only the users who have access to this RBP category (for example, Miscellaneous if that’s what selected for the Deductions objects RBP category) will be able to see Deductions for their Target population.

Note: The Deductions guide book is being updated with this information. 

Keywords

INC0056428, non-secured, Access to non-secured objects, permission, RBP, Target population  , KBA , LOD-SF-EC-DED , Deductions , Problem

Product

SAP SuccessFactors Employee Central all versions ; SAP SuccessFactors HCM Suite all versions