SAP Knowledge Base Article - Public

3153010 - Executive Review Filter Advanced find user API - Compensation

Symptom

Although user A has no Executive Review view/edit permissions on user B defined in RBP, A accesses Executive Review, filters for B in Individual View and is able to see this user in the find user API.

**Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental**

Environment

  • SAP SuccessFactors HXM Suite
  • SAP SuccessFactors Compensation

Reproducing the Issue

  1. Compensation tab;
  2. Executive Review;
  3. Select the template;
  4. The user who is logged in (user A) accesses the filters and searches for user B under Individual View;
  5. Find user API displays user B's name.

Cause

Designed behavior.

Resolution

  • Find user API has no limitation (or restrict search) since it uses a different component to support Advanced Filters;
  • There is no permission control because find user API is a common API, whereas Executive Review view/edit permission is a Compensation owned permission. 
  • User B shows up in the find user API but when selected no record is displayed on the form as user A doesn’t have permission on B.

Keywords

SuccessFactors, SF, Advanced, Filters, Executive, Review, API, Search, Result, Permission, RBP, Find, User, API , KBA , LOD-SF-CMP-EXR , Executive Review , Problem

Product

SAP SuccessFactors Compensation all versions ; SAP SuccessFactors HXM Suite all versions