Thank you for supporting the Cloud Customer Connect Community in 2024. It's a gift to work with you!

Look back
You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register
Get Started with Redwood for Oracle Cloud HCM   Begin Now
To ensure that questions get required attention from community members and are NOT left unanswered, it’s important for the author to indicate (by selecting “Yes” or “No” when prompted) whether the question was answered. (newly added) Please note that it is also important to respond to EACH comment your question receives. Your Yes or No response ensures an accurate status for your question.

For more information, please refer to this announcement explaining best practices for getting answers to questions.

Share Data Access - Potential security breach if manager shares access to themselves

edited Mar 23, 2023 5:53AM in Human Capital Management 6 comments

Summary:

Currently a manager is able to use My Team > Share Data Access quick action to share a person to themselves. This is a security concern for employees with multiple assignments, because the Manager now has access to the employment information and quick actions for ALL assignments (including those not for which they are not the manager).

Has anyone else faced this issue? We have auto-approval enabled (intentionally) for the Share Information approval rule.

We are looking into configuring auto-rejection of requests where Initiator = Recipient. We've also logged SR with oracle.

Content (required):

Scenario:

1. Employee has three assignments:

    - Assignment A which reports to Manager A

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!