Get Started with Redwood for Oracle Cloud HCM Begin Now
To ensure that questions get required attention from community members and are NOT left unanswered, it’s important for the author to indicate (by selecting “Yes” or “No” when prompted) whether the question was answered. (newly added) Please note that it is also important to respond to EACH comment your question receives. Your Yes or No response ensures an accurate status for your question.
For more information, please refer to this announcement explaining best practices for getting answers to questions.
For more information, please refer to this announcement explaining best practices for getting answers to questions.
Data vulnerability in TBE Recuit
Content
We have had a issue with taleo which I believe is a recent change in the configuration and I wonder if anyone else has had the same thing.
Basically we have found that a anyone with a 'Hiring Manager' role is able to see ALL requisitions and associated Candidates even if they are not down as an Owner or Approver. All they need to do is find (or guess) the URL and the data is there to see.
i.e. https://tbe.taleo.net/NA3/ats/requisitions/RequisitionView.jsp?act=show&id=**** (where **** is the role number)
0