You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

Data vulnerability in TBE Recuit

edited Aug 14, 2012 4:44AM in Taleo Business Edition (TBE)

Content

We have had a issue with taleo which I believe is a recent change in the configuration and I wonder if anyone else has had the same thing.

Basically we have found that a anyone with a 'Hiring Manager' role is able to see ALL requisitions and associated Candidates even if they are not down as an Owner or Approver. All they need to do is find (or guess) the URL and the data is there to see.

i.e. https://tbe.taleo.net/NA3/ats/requisitions/RequisitionView.jsp?act=show&id=**** (where **** is the role number)

This has been a huge issue for us as a Director role was published in Taleo and all the internal candidates (who happen to be Hiring Managers on other reqs) could see who else applied and the associated data.

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!