Make sure that the people search box embedded into many of the Talent screens does not circumvent security access rules set up by legal entity. Currently, if a person has no personnel management access in a given legal entity, they can still type names into the search box, click on the results, and see user information from entities they do not have access to. This information includes sensitive details like identification numbers, emergency contacts, and many other things linked to the worker record.

I have reported this to Microsoft as a security bug, and they directed me to place this idea here instead of addressing it through the standard maintenance process.
Category: General
Under Review
Ideas Administrator

Thank you for your suggestion. We’re considering this functionality for a future release.

This posting is provided “as is” with no warranties, and confers no rights.