Security Issue with Recruiting
Summary:
Security Issue with Recruiting when candidate has an O Assignment record (i.e. Offer, rejected)
Content (please ensure you mask any confidential information):
Hi,
We found an issue with the following scenario, which seems like a loophole. Can someone please advise?
- Ex-employee Candidate (Company A) applied via ORC (applied to Company B) and received an offer, and rejected the offer. This created O Assignment for that Ex-employee for Company B.
- HR from Company B access Person Security Profile secured by AoR Company B with "Candidate with Offer" checked.
- When that O Assignment is created from the offer, HR from step 2 suddenly has access to all CoreHR data of that Ex-Employee when they were back in Company A.
0