For more information, please refer to this announcement explaining best practices for getting answers to questions.
Data Security is behaving differently between Person Management and Directory
Summary:
Data Security is behaving differently between Person Management and Directory
Content (please ensure you mask any confidential information):
We have custom security roles with data security defined as custom SQL that refers to a department DFF. Historically the behavior between Person Management and new UI pages such as Directory or Quick Actions has been the same but now we’re seeing differences. The person management access is still accurate based on the person security profile and records are unavailable but the directory and quick actions are not and they can see records they should not see. Has anyone had similar challenges? We are aware custom SQL is not the recommended approach but it's the only solution that met our current business requirements.