Symptom
Some users, like HR Managers, HR Representatives, are being able to access and see all the data present of the company's employees as well as the new hires, even though there is a present target population that is not configured that way for this role, it is configured only for a country or for a specific part of the company.
Environment
SAP SuccessFactors Onboarding
Cause
This behavior can be related to the permissions granted, if it's a business requirement to the HR Role to be able to cancel the Onboarding and Offboarding process, the following permissions have to be granted:
• Employee Central HRIS OData API (editable) and
• Employee Central HRIS OData API (read-only)
These two permissions will also grant the user with it the ability to see all company's data, as if this is enabled then OData will bypass all permissions and return all data.
Resolution
The permissions "Employee Central HRIS OData API (editable)" and "Employee Central HRIS OData API (read-only)" are necessary to perform Onboarding Cancel, they must be provided only to admin users within the Organization.
It is not possible today with the system design that we have to restrict these permissions, and still grant the Cancel Onboarding availability.
if you believe this is a potential system Enhancement, we recommend raising an Enhancement Request, in order to do that please follow the steps on this KBA - 2090228 - How to Submit Ideas for SAP SuccessFactors Products.
See Also
Keywords
Cancel, Hiring Manager, recruiter, group, see, data, PII , KBA , LOD-SF-OBX-ADM , Admin UI , Problem