Symptom
Employees are able to see Deduction section of other employees without permission
Environment
SAP SuccessFactors Employee Central
Reproducing the Issue
- Proxy in as an employee without permission to Deduction section
- Search for any employee in the organization
- Access Employee profile
- Recurring deduction and non-recurring deduction portlets are visible
Cause
When the subject user is in the logged in user’s Target population AND the logged in user has the permission “Access to non-secured objects” AND the following Deductions objects are non-secured, then the logged in user can view the subject user’s Deductions. The related Deduction objects are: OneTimeDeduction, OneTimeDeductionUserGO, OneTimeDeductionProxyGO.
Resolution
To resolve the issue, either of the following RBP settings should be adopted:
The logged in user should not have the permission “Access to non-secured objects” when the above-mentioned Deductions objects are non-secured
OR
The Deductions objects should be secured so that only the users who have access to this RBP category (for example, Miscellaneous if that’s what selected for the Deductions objects RBP category) will be able to see Deductions for their Target population.
Note: The Deductions guide book is being updated with this information.
Keywords
INC0056428, non-secured, Access to non-secured objects, permission, RBP, Target population , KBA , LOD-SF-EC-DED , Deductions , Problem