SAP Knowledge Base Article - Public

3404958 - Permissions-Policy header - Recruiting Marketing

Symptom

Permissions-Policy header is missing for Recruiting Marketing (RMK) site.

Environment

  • SAP SuccessFactors Recruiting Management
  • SAP SuccessFactors Recruiting Marketing

Resolution

Architecture and Security teams have reviewed SAP‘s position on Permissions-Policy header.

Security headers are only a second line of defense and an optional security setting. They are not a security vulnerability on their own. 
Permissions-Policy header is currently not a security standard for SAP. Security and Architecture teams state that there is no security risk or gap in this area.
Therefore, we will not be enhancing Career Site Builder product to support the configuration and management of Permissions-Policy header.

To verify the feasibility of having this included in a future version of the system, please submit this enhancement request to our Influence Page by following the instructions available in the article 2090228.

See Also

2090228 - How to submit enhancement ideas for SAP SuccessFactors Products

Keywords

RMK, CSB, Permissions-Policy header, permission policy, security header , KBA , LOD-SF-RMK-SEC , Security & Vulnerabilities , LOD-SF-RMK-PSI , Security , Product Enhancement

Product

SAP SuccessFactors Recruiting all versions