For more information, please refer to this announcement explaining best practices for getting answers to questions.
Share Data Access - Potential security breach if manager shares access to themselves
Summary:
Currently a manager is able to use My Team > Share Data Access quick action to share a person to themselves. This is a security concern for employees with multiple assignments, because the Manager now has access to the employment information and quick actions for ALL assignments (including those not for which they are not the manager).
Has anyone else faced this issue? We have auto-approval enabled (intentionally) for the Share Information approval rule.
We are looking into configuring auto-rejection of requests where Initiator = Recipient. We've also logged SR with oracle.
Content (required):
Scenario:
1. Employee has three assignments:
- Assignment A which reports to Manager A