Security Issue with Recruiting — Cloud Customer Connect
You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

Security Issue with Recruiting

in Recruiting, Opportunity Marketplace 1 comment

Summary:

Security Issue with Recruiting when candidate has an O Assignment record (i.e. Offer, rejected)

Content (please ensure you mask any confidential information):

Hi,

We found an issue with the following scenario, which seems like a loophole. Can someone please advise?

  1. Ex-employee Candidate (Company A) applied via ORC (applied to Company B) and received an offer, and rejected the offer. This created O Assignment for that Ex-employee for Company B.
  2. HR from Company B access Person Security Profile secured by AoR Company B with "Candidate with Offer" checked.
  3. When that O Assignment is created from the offer, HR from step 2 suddenly has access to all CoreHR data of that Ex-Employee when they were back in Company A.
Tagged:

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!