Timesheet of one user is visible to other users

Document ID : KB000110890
Last Modified Date : 15/08/2018
Show Technical Document Details
Question:
User aaaa has a timesheet, and his timesheet is visible to another user, user bbbb.  Why?
These two users are not in the same Project Team.
Answer:
User bbbb has 'Resource - Enter Time' instance access right to user aaaa, and this right is granted via a group.   

Example: 
User bbbb has the following access rights:   
1. Resource - Enter Time.  Assigned via ADMINISTRATION, RESOURCES > Page: Instance Access Rights (userInstanceRights) 
2. Resource - Enter Time. Assigned via ADMINISTRATION, GROUPS : Base User > Page: Instance Access Rights (groupInstanceRights) 

[Definition of Resource - Enter Time access right is: Allows user to complete and submit timesheets for a resource.] 

To confirm from the PPM UI:  
1. Navigate to Administration - Organization and Access - Groups 
2. Select group name 'Base User' 
3. Click on the Group's Access Rights - Instance 
4. Click on the 'Resource - Enter Time' link  
5. The next page displays a list of resources, and it contains user bbbb.   

To confirm using a query: 
SELECT  
   CMN_SEC_USERS.USER_NAME, 
   SRM_RESOURCES.LAST_NAME TS_RES_LAST_NAME, 
   SRM_RESOURCES.FIRST_NAME TS_RES_FIRST_NAME 
FROM cmn_sec_assgnd_obj_perm aop, 
  cmn_lic_right_v l, 
  cmn_sec_user_groups ug, 
  cmn_sec_users, 
  SRM_RESOURCES 
WHERE l.ID                  = aop.RIGHT_ID 
AND aop.PRINCIPAL_ID        = ug.GROUP_ID 
AND cmn_sec_users.ID        = ug.USER_ID 
AND SRM_RESOURCES.ID        = aop.OBJECT_INSTANCE_ID 
AND (aop.PRINCIPAL_TYPE     = 'GROUP' 
AND L.GROUP_CODE            = 'ResourceEnterTime' 
AND cmn_sec_users.USER_NAME = '<username>')       <== change <username> to the value of field User Name