SAP Knowledge Base Article - Public

3527151 - User without Manage Data access is able to change Time Type - Employee Central

Symptom

An employee without permission to Manage Data was found to have last updated a time type.

Environment

SAP SuccessFactors Employee Central

Reproducing the Issue

While checking a Time Type, you see that a user without Manage Data access has updated it.

Cause

User has permission to edit the Time Type object, under category "Time Management Object Permissions".

When they access a pending Time Off workflow on "View My Pending Requests", the Time Type details are shown. With the Edit Permission granted for the object, the employee is able to change time type details.

Resolution

Remove the Edit permission for the Time Type object for employees who should not be able to edit.

  1. Go to Manage Permission Roles.
  2. Open the role where the permission is granted
  3. Click to edit.
  4. Search for Time Type.
  5. Remove the Edit permission.
  6. Save the changes.
  7. Check other permissions and roles as well, depending on business requirements.

See Also

2318854 - Employee Central - Time Off

Keywords

SAP SuccessFactors, Employee Central, Workflow, Attendance Type, Manage Data, Permissions, Security Breach, TimeType, Role-Based Permissions, time type, view my pending requests, edit object, time off objects  , KBA , LOD-SF-EC-TIM , Time Off , LOD-SF-EC-RBP , Roles & Permissions (EC Core only) , Problem

Product

SAP SuccessFactors Employee Central all versions ; SAP SuccessFactors HCM Suite all versions