Users with ITIL role and NO HR roles are able to see some HR Cases details (ifor example, short_description, assigned_to) in the task.list list view.
Steps to Reproduce
1. Activate the HR Scoped App plugin.
2. Impersonate (or log in as) ITIL User.
3. Navigate to task.list and search for "number starts with HRC".
You might need to skip a few pages until some records are displayed
Note that information about the HR Cases can be seen on task.list list view (for example, Number, Priority, State, Assigned to, Short description) although no information about any HR Cases should be visible to the ITIL users (except for the cases opened by that user).
Apply this workaround to all HR Cases COE ACLs:
var lcns = new sn_hr_core.hr_license(); var hasAccess = lcns.hasHrAccess(current.getTableName()); var impersonateCheck = new sn_hr_core.hr_CoreUtils().impersonateCheck(); if (impersonateCheck || !hasAccess) answer = false; else if(new hr_Case(current, gs).canReadCase()) answer = true; else answer = false;
Related Problem: PRB1283214