- Alternate Route User Steps seen in a route map that were not there to begin with
- Performance Management
Reproducing the Issue
- Why are Alternate Route User Steps being added to a form route map?
- An Alternate Route User Step is also known as a U Step, meaning User Step where you have added a specific person to the route map.
- So rather than adding a role such as EM you want to define a specific person such as Mary Jane.
- You add a U step to the route map and define it with username = mjane for example.
- A U step will also be automatically added to a form's route map whenever ANYONE that was not already in the route map was inserted at a later time. Most often you will see this happen due to Manager transfers and the document transfer option to "Insert New Manager as Next Document Recipient if Not Already" is enabled in your form template.
- If there are multiple manager changes, or changes to ANY role defined in your route map you may see multiple Alternate Route User Steps being added.
Step Added Every Day
- If you see steps being added every day, then this is an indication that in your nightly user data file (employee import) import you have some invalid relationship changes occurring causing the U Step to be repeatedly added.
- People now seeing content they are not meant to see:
- When your template and route map is set up, it is not uncommon for some clients to use the asterisk role * to grant permission to all roles at a step or steps. Then remove permissions by revoking those at specific steps. This approach is not the recommended approach and introduces security risks when a new unplanned step is added to your form for any reason. It could be added by system as discussed above, or admin might have added a new step at some point. Since you use * permission, now any person getting the form in this new step now sees information they were blocked from seeing in the normal workflow. The only solution for a live form is to route it our of this new step into one that was originally setup with permissions.
- Going forward this security hole might be possible to reduce by a change in the logic you have currently set for role permissions per step, by adding in permissions to account for someone or system adding a Alternate Route U Step, so that that scenario is covered.
- Reminder: fully test any change to workflows and permissions, including completed steps before relaunching to end users.
KBA , sf routing maps , LOD-SF-PM , Performance Management , How To
SAP SuccessFactors HCM Core all versions