Symptom
An employee can edit the time type configuration in manage data from the time type pop-up in a workflow request. This is a security issue, because the employee can update objects that they do not have permission to access.
Environment
- SAP SuccessFactors Employee Central: Time Off
Reproducing the Issue
- Proxy as any employee in the system
- Navigate to any pending time off request in 'view my pending requests'
- A pop-up box is visible next to the time type in the leave request, and it can be used to edit the time type configuration
Cause
A default screen is assigned to the employee time object, and it overrides the hard-coded permissions that ensure that the time type object cannot be edited from workflow details.
Resolution
Remove the default screen assigned to the employee time object in configure object definition.
Keywords
Time Type, permission, secured, edit, default screen, employee time, workflow request, time off, employee central, KBA, LOD-SF-EC-TIM-WAN, Workflows - Alerts - Notifications, Problem