sashton
Reputable Poster
Since the announcement that portlets can now be accessed from within E1 pages, we are experimenting with getting rid of a separate portal server and just using an E1page for self service options. We have run into a glaring security loophole. We are unable to remove the databrowser option from the Tools menu that is available by default on every application. For example, I have an E1 page for Employee Self Service options to allow users to view their pay stubs or view their personal profile. Once they are in that application, they can click Tools...databrowser and then browse through all the employee profiles with salary information or paystubs for any employee. I cannot nor do I want to remove ALL databrowser access either, because when they go to another app or page for other legitimate options in their role, they need to be able to open databrowser and view that data. Are there any options besides having multiple user accounts to hide or allow databrowser access?