You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

Share Data Access - Potential security breach if manager shares access to themselves

Received Response
78
Views
6
Comments
edited Mar 23, 2023 5:53AM in Human Resources 6 comments

Summary:

Currently a manager is able to use My Team > Share Data Access quick action to share a person to themselves. This is a security concern for employees with multiple assignments, because the Manager now has access to the employment information and quick actions for ALL assignments (including those not for which they are not the manager).

Has anyone else faced this issue? We have auto-approval enabled (intentionally) for the Share Information approval rule.

We are looking into configuring auto-rejection of requests where Initiator = Recipient. We've also logged SR with oracle.

Content (required):

Scenario:

1. Employee has three assignments:

    - Assignment A which reports to Manager A

Tagged:

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!