SAP Knowledge Base Article - Public

2400348 - Application Fields exposed to Recruiting Operator roles post B1611 Release although no permissions are granted

Symptom

Recruiters are able to view and/or edit Application fields after the Q4 Release (B1611), although no permissions are granted.

Environment

SuccessFactors Recruiting Management - B1611

Reproducing the Issue

  1. Recruiter logs in to SuccessFactors;
  2. Go to Recruiting;
  3. Job Requisitions;
  4. Access Candidates;
  5. Issue: Recruiter is able to view and edit Application Fields although permissions are not granted.

Cause

SuccessFactors Recruiting had a defect where interviewers were not allowed to access resumes of the application they were interviewing. This only affected users who were interviewers but were not assigned as recruiting operators to the job req (Recruiter, Hiring Manager, HR Admin, etc.). The interviewer role could be anyone. It is not defined the same way a recruiter or hiring manager would be defined on a job req, which gives the latter two roles abilities on the job req and subsequent applications.

The SuccessFactors Recruiting engineering team created a code fix for this permissioning issue. The solution was to allow the user in the interviewer role to ignore the restrictions, so that the resume would be available. A defect was introduced in this code fix where everyone with access to the application would also ignore restrictions. This is why users assigned as recruiting operators to the job req saw fields they were not permissioned to see.

In the aftermath of this defect, the Recruiting engineering and QA teams will review procedures so such mistakes will not recur.
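
The regression described above can be modelled as a bypass keyed on "has access to the application" instead of "is an interviewer", and caught with a per-role expectation matrix. This is an added example, not SuccessFactors code; the class, function, user and field names are hypothetical and the data is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Application:
    fields: set                                     # every field name on the application
    interviewers: set = field(default_factory=set)
    operators: dict = field(default_factory=dict)   # operator -> field names granted

def visible_regressed(app, user):
    """Defective fix: the bypass is keyed on access to the application."""
    if user in app.interviewers or user in app.operators:
        return set(app.fields)                      # restrictions ignored for everyone
    return set()

def visible_intended(app, user):
    """Bypass keyed on the interviewer role; operators keep their grants."""
    if user in app.interviewers:
        return set(app.fields)
    return app.operators.get(user, set()) & app.fields

def audit(check, app, expected):
    """Map each user to the fields `check` exposes beyond `expected`."""
    leaks = {}
    for user, allowed in expected.items():
        extra = check(app, user) - allowed
        if extra:
            leaks[user] = extra
    return leaks

# Constructed sample data (hypothetical users and field names).
APP = Application(
    fields={"resume", "eeo_gender", "salary_expectation"},
    interviewers={"ivy"},
    operators={"rex": {"resume"}, "hana": set()},   # hana: operator, nothing granted
)
EXPECTED = {
    "ivy": set(APP.fields),   # interviewer ignores restrictions, per the Cause text
    "rex": {"resume"},
    "hana": set(),
    "outsider": set(),
}

if __name__ == "__main__":
    for name, check in [("regressed", visible_regressed), ("intended", visible_intended)]:
        print(name, audit(check, APP, EXPECTED))
```

An empty result from `audit` means no role sees more than expected; any entry names the over-exposed user and the fields involved.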

Resolution

A code fix was deployed via an emergency patch on December 8th.

Keywords

Application, Fields, Permissions, Confidential information, EEO, Regression, Release, B1611, KBA, LOD-SF-RCM, Recruiting Management, Problem

Product

SAP SuccessFactors Recruiting all versions