Security Issue

We are in the process of implementing Axapta 3.0 and have found a major security flaw in the Axapta Portal due to which we cannot implement right now.

If I login to the portal with my user name and password, I see all my personal details as well as salary information. However, the url in the address box clearly displays my employee id and if I change the id to someone else’s Id and hit Enter, I can see that employees data on my screen.

Anyone faced this before? And if so, any solutions please.



Out of the box Employee portal doesn’t provide this functionality. Are you using a bespoke application?

Best wishes,