Security Issue with Recruiting — Cloud Customer Connect
You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

Security Issue with Recruiting

Summary:

Security Issue with Recruiting when candidate has an O Assignment record (i.e. Offer, rejected)

Content (please ensure you mask any confidential information):

Hi,

We found an issue with the following scenario, which seems like a loophole. Can someone please advise?

  1. Ex-employee Candidate (Company A) applied via ORC (applied to Company B) and received an offer, and rejected the offer. This created O Assignment for that Ex-employee for Company B.
  2. HR from Company B access Person Security Profile secured by AoR Company B with "Candidate with Offer" checked.
  3. When that O Assignment is created from the offer, HR from step 2 suddenly has access to all CoreHR data of that Ex-Employee when they were back in Company A.

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!