Symptom
- Users are able to access Manage Pending Hire Data, even though they don't have permissions.
- This unauthorized access is achieved by using a hardcoded URL (like saved in bookmarks).
Environment
SAP SuccessFactors HCM Suite
Reproducing the Issue
- Login to instance;
- Proxy as a user who does not have "manage pending hire" permission;
- Access the hardcoded URL for Manage Pending Hires.
Cause
This is a known code issue that will be fixed.
Resolution
Engineering team has confirmed that the code fix is planned to be released in the 2H2024 (October 14th for Preview and November 15th for Production). After the fix, if a user tries to access the MPH using a hardcoded link without having the "manage pending hire" permission, they will see a "no permission" error message on the screen.
Keywords
Unauthorized Access, Manage Pending Hire Data, SAP SuccessFactors Platform, Data Privacy, GDPR Compliance, Hardcoded URL, Proxy User, INC9322503, ECT-243041 , KBA , LOD-SF-EC-INT-UI , MPH UI & Column Config Tool , LOD-SF-EC-HIR , Hire & Rehire Wizards , Known Error