Symptom
An employee without permission to Manage Data was found to have last updated a time type.
Environment
SAP SuccessFactors Employee Central
Reproducing the Issue
While checking a Time Type, you see that a user without Manage Data access has updated it.
Cause
User has permission to edit the Time Type object, under category "Time Management Object Permissions".
When they access a pending Time Off workflow on "View My Pending Requests", the Time Type details are shown. With the Edit Permission granted for the object, the employee is able to change time type details.
Resolution
Remove the Edit permission for the Time Type object for employees who should not be able to edit.
- Go to Manage Permission Roles.
- Open the role where the permission is granted
- Click to edit.
- Search for Time Type.
- Remove the Edit permission.
- Save the changes.
- Check other permissions and roles as well, depending on business requirements.
See Also
2318854 - Employee Central - Time Off
Keywords
SAP SuccessFactors, Employee Central, Workflow, Attendance Type, Manage Data, Permissions, Security Breach, TimeType, Role-Based Permissions, time type, view my pending requests, edit object, time off objects , KBA , LOD-SF-EC-TIM , Time Off , LOD-SF-EC-RBP , Roles & Permissions (EC Core only) , Problem