Can you clarify what you mean by "there are no security assignments at user level, or security configurations on data application roles?"

It sounds like they can get into FDI, which is 1 step of the security. But the 2nd step is ensuring in FDI that Security > Application Roles have HCM Security Groups assigned appropriately, which dictates what people users are allowed to see.

For instance, in the screenshot below the Workforce Core Analysis Duty (red box) is the Workforce Core information. In order to see that data a user must have the Human Resource Analyst, Human Resource Analyst - View All, etc (yellow box) in their HCM Security profile.

There are default out of the box groups assigned to each subject area, but our organization had to add the "View All" group in FDI because that is not default. Before we added that group, users who had "View All" couldn't see anything. This also must be done for every subject area, i.e. Recruiting Subject Area uses the Recruiter roles.

Have you looked at the Data Security for these users.

By default, Fusion users are denied access to all data.

Data security makes data available to users by the following means.

• Policies that define grants available through provisioned roles
• Policies defined in application code

You secure data by provisioning roles that provide the necessary access.