SAP Knowledge Base Article - Public

3200935 - Users are able to see all employees data despite of their target group - Onboarding

Symptom

Some users, like HR Managers, HR Representatives, are being able to access and see all the data present of the company's employees as well as the new hires, even though there is a present target population that is not configured that way for this role, it is configured only for a country or for a specific part of the company.

Environment

SAP SuccessFactors Onboarding

Cause

This behavior can be related to the permissions granted, if it's a business requirement to the HR Role to be able to cancel the Onboarding and Offboarding process, the following permissions have to be granted:

• Employee Central HRIS OData API (editable) and
• Employee Central HRIS OData API (read-only)

These two permissions will also grant the user with it the ability to see all company's data, as if this is enabled then OData will bypass all permissions and return all data.

Resolution

The permissions "Employee Central HRIS OData API (editable)" and "Employee Central HRIS OData API (read-only)" are necessary to perform Onboarding Cancel, they must be provided only to admin users within the Organization.

It is not possible today with the system design that we have to restrict these permissions, and still grant the Cancel Onboarding availability.

if you believe this is a potential system Enhancement, we recommend raising an Enhancement Request, in order to do that please follow the steps on this KBA - 2090228 - How to Submit Ideas for SAP SuccessFactors Products.

See Also

2090228 - How to Submit Ideas for SAP SuccessFactors Products

Keywords

Cancel, Hiring Manager, recruiter, group, see, data, PII , KBA , LOD-SF-OBX-ADM , Admin UI , Problem

Product

SAP SuccessFactors Onboarding all versions