In both our test and production environments, we have noticed that users can edit custom objects such as Time Off.
USE CASE EXAMPLE: after a time off request is approved, an employee can edit the request and change the externalCode, externalName, and Payroll Code.
How to prevent this?
How to set permissions on the objects?
Reproducing the Issue
Reproducing the above use case
This is an example; however, all custom objects are susceptible to such unauthorised editing.
In this case the user is able to edit the time off object after it has been approved.
The user is able to make changes to the external code and successfully save the change, an action that can impact payroll.
The object has not been secured and the RBP has not been configured.
1- Secure the object and
2- Configure RBP
The configuration below means that the object's RBP will be defined under Miscellaneous.
Once the above configuration is done, the object will appear in the select area of the category chosen; in this case we have chosen Miscellaneous.
As you can see, the user no longer has edit rights and therefore cannot make any changes, but can still view the details.
Object Permissions MDF Permissions Object RBP MDF RBP, KBA, LOD-SF-EC-RBP, Roles & Permissions, LOD-SF-EC-MDF, MDF & EC2MDF Migration, LOD-SF-FWK, Architecture Framework & Extensions, How To