3527151 - User without Manage Data access is able to change Time Type - Employee Central

An employee without permission to Manage Data was found to have last updated a time type.

SAP SuccessFactors Employee Central

While checking a Time Type, you see that a user without Manage Data access has updated it.

User has permission to edit the Time Type object, under category "Time Management Object Permissions".

When they access a pending Time Off workflow on "View My Pending Requests", the Time Type details are shown. With the Edit Permission granted for the object, the employee is able to change time type details.

Remove the Edit permission for the Time Type object for employees who should not be able to edit.

1. Go to Manage Permission Roles.
2. Open the role where the permission is granted
3. Click to edit.
4. Search for Time Type.
5. Remove the Edit permission.
6. Save the changes.
7. Check other permissions and roles as well, depending on business requirements.

2318854 - Employee Central - Time Off

SAP SuccessFactors, Employee Central, Workflow, Attendance Type, Manage Data, Permissions, Security Breach, TimeType, Role-Based Permissions, time type, view my pending requests, edit object, time off objects  , KBA , LOD-SF-EC-TIM , Time Off , LOD-SF-EC-RBP , Roles & Permissions (EC Core only) , Problem

SAP SuccessFactors Employee Central all versions ; SAP SuccessFactors HCM Suite all versions