SAP Knowledge Base Article - Public

3117764 - 2H 2021 - Cannot access Groups under Settings while proxying after the release

Symptom

Users can no longer access Groups under Settings while proxying as another user after the 2H 2021 release.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP SuccessFactors HXM Suite

Reproducing the Issue

  1. Proxy as another user in the system
  2. Access 'Settings' from the top right side of the header
  3. Observe 'Groups' is no longer visible in Settings while proxying

Cause

This is expected behavior post 2H 2021 release.

Resolution

The ability to access Groups under Settings while proxying as another user has been removed as part of the 2H 2021 release.

This change had to be been made to address the following security gap->

  • Previously, having Proxy rights for "Options(Mobile)", used to grant the ability to access Options -> Groups as well during proxy. But, the proxy permission "Options(Mobile)" is meant to provide access to Settings->Mobile only. Providing additional access to My Groups is a violation of the Principle of Least Privilege.

    Therefore, access to My Groups was removed to ensure that proxy users have access to only the functionality that it is designed to grant access to. 

In 1H 2022 release, Our Product team is planning to provide a new proxy permission to control the visibility of the Group Editing via proxy, this will be compliant with our data protection guidelines. But since it is a new feature that requires several framework changes, the earliest possible timeline is the next major release. 

Keywords

Groups, Settings, Proxy, Release, PLA-26829 , KBA , LOD-SF-PLT-PRX , Proxy , Product Enhancement

Product

SAP SuccessFactors HXM Suite 2111

Attachments

Pasted image.png