Symptom
- The workflow approver is able to edit all fields, even without having the permissions to do so.
- In the second workflow request, the approver can edit the fields that should be view only.
Environment
SAP SuccessFactors HCM Suite
Reproducing the Issue
- An employee creates a new record in the MDF selecting a request type and filling all required fields. The workflow is then sent to the manager.
- The manager receives the workflow with some fields editable and others not. The manager approves the workflow which then goes to the second approver.
- The second approver approves the workflow. The same employee creates a new record in the MDF, selecting a different request type and filling all required fields. The workflow is sent to the manager.
- The manager receives the workflow but this time, all listed fields in the workflow are editable.
Cause
Role Based Permissions (RBP) functions as the union of all permission roles. This means that a user is granted the highest level of access from any of the roles assigned to them. If one role provides read access, another role provides no access, and yet another role provides edit access, the user is ultimately granted edit access.
Resolution
- Identify the roles that are providing the highest level of access.
- Remove or adjust the permissions of these roles to restrict the access level.
- Test the changes by creating a new workflow and checking the editable fields.
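The union rule from the Cause section and the first Resolution step can be checked offline against an export of role permissions. The following is an added example, not SAP code: the role names, field names, data layout and the `effective_access` / `over_permissioned` helpers are hypothetical, and the sample data is constructed.

```python
from enum import IntEnum

class Access(IntEnum):
    NONE = 0
    READ = 1
    EDIT = 2

# Constructed sample data: role -> field -> access level (all names hypothetical).
ROLES = {
    "Manager Role":  {"requestType": Access.READ, "amount": Access.READ,
                      "comments": Access.EDIT},
    "HR Admin Role": {"requestType": Access.EDIT, "amount": Access.EDIT,
                      "comments": Access.EDIT},
    "Everyone Role": {"requestType": Access.READ, "amount": Access.NONE},
}
APPROVER_ROLES = ["Manager Role", "HR Admin Role", "Everyone Role"]
# What the approver is supposed to see in the workflow.
INTENDED = {"requestType": Access.READ, "amount": Access.READ,
            "comments": Access.EDIT}

def effective_access(role_names, roles=ROLES):
    """Union semantics: per field, the highest level granted by any role."""
    result = {}
    for name in role_names:
        for field, level in roles[name].items():
            result[field] = max(result.get(field, Access.NONE), level)
    return result

def over_permissioned(role_names, intended, roles=ROLES):
    """Map each field whose effective access exceeds the intended level
    to (effective level, roles that grant more than intended)."""
    findings = {}
    for field, level in effective_access(role_names, roles).items():
        want = intended.get(field, Access.NONE)
        if level > want:
            culprits = sorted(n for n in role_names
                              if roles[n].get(field, Access.NONE) > want)
            findings[field] = (level, culprits)
    return findings

if __name__ == "__main__":
    report = over_permissioned(APPROVER_ROLES, INTENDED)
    for field, (level, culprits) in report.items():
        print(f"{field}: effective {level.name}, "
              f"granted by {', '.join(culprits)}")
```

Re-running the check with the offending role removed or adjusted should return no findings before the change is tested with a new workflow.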
Keywords
Role Based Permissions, MDF, Workflow, Editable Fields, Access Level, Manager, Employee, Second Request, Highest Access, Permissions Roles, field override, KBA, LOD-SF-PLT-RBP, Role Based Permissions, LOD-SF-MDF-WFL, Custom Object based Workflows, LOD-SF-MDF-RBP, RBP Permissions on Objects, How To