3630691 - Manage Workflow Request does not respect Object Level Permission

Symptom

User has permission role to access Manage Workflow Requests with target "All (Employees)" and "Exclude granted users from having the same access to themselves." enabled, but does not have access to Position Object. However is able to view the Position Workflows in Manage Workflow Requests.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP SuccessFactors HCM Suite
SAP SuccessFactors Employee Central

Reproducing the Issue

Proxy as user
Go to Manage Workflow Requests
Search for
Request Type: Change Generic Object Action
Object: Position
See the Position Workflows for all employees.

Cause

Expected Behavior.

Target within the Permission Role is only applicable for employees. If the user has Permission granted to Manage Workflow Requests, the access is fully granted to MDF objects (like Position).

Meaning that even with the option "Exclude granted users from having the same access to themselves" enabled, the user will still be able to view the Position Workflows in Manage Workflows Request, however will not be able to act on it (like approve/comment).

Resolution

In case this is important to your business, we encourage you to submit an idea for SAP SuccessFactors Products to have this functionality considered within future development cycles.

Please consider opening an enhancement request. For detailed steps on How to Submit Ideas for SAP SuccessFactors Products, please refer to KBA 2090228.

Keywords

manage workflow requests, permission role, RBP, MDF, object, object level, role-based permission, target, All (Employees), Exclude granted users from having the same access to themselves, Position, view, approve, workflow, , KBA , LOD-SF-EC-WFL , Workflows - Configuration, Tools, Objects & Rules , Product Enhancement

Product

SAP SuccessFactors Employee Central all versions ; SAP SuccessFactors HCM Suite all versions