HR Profile Security
‎06-17-2022 12:52 AM
We are considering applying HRSD, which has already been implemented globally, to Japan.
We want to control access to sensitive information such as HR Profile and Job by country, region, etc.
e.g., HR staff in Japan can only access HR Profile and Job data of employees in Japan.
If we were to do this, we are thinking of using ACLs to control access based on the user's affiliation information (e.g., company, location, etc.).
If you have any other information on how to do this, or if you have done this in an actual case, please let us know.
Labels: HR Service Delivery
‎06-17-2022 09:03 PM
Hi
Because HR profile information is sensitive and confidential, the System Administrator [admin] cannot view it. The same is true for some of the information in HR cases and HR tasks.
HR profile information is confidential and viewed only by authorized HR personnel who are assigned a role that includes sn_hr_core.profile_reader or sn_hr_core.profile_writer, such as hr_basic.
For HR cases and HR tasks, only authorized HR personnel are allowed to view attachments, work notes and comments, description, calendar, and payload (configurable). Authorized HR personnel are assigned a role with sn_hr_core.case_reader and sn_hr_core.case_writer, such as sn_hr_core.basic.
HR administrators [sn_hr_core.admin] will be able to perform all tasks and view all data.
HR profile information that system administrators can access
- The HR profile number and prefix of an employee.
- Employment information that is synchronized with the user record [sys_user]. This information includes name, employee number, department, manager, and location.
- Work contact information, such as work email address and work phone number. Personal information is hidden.
- Information that appears in the following related lists:
  - Employment Information
  - Contact Information
  - Beneficiaries
  - Who is Covered
  - Emergency Contacts
  - Direct Reports
  - Colleagues
  - Cases
HR case and task information accessible by HR Administrators
HR Administrators can view the employee user information, such as location and department, and the short description. Activities, such as state changes, are displayed in the activity stream, but comments and work notes are hidden. System Administrators cannot view this information.
When the HR Administrator opens an HR case or HR task, a message describes the information that is not displayed.
An HR case can be created from an HR profile. Click Create New Case under Related Links and Case Creation appears.
Impersonating a user
- Navigate to HR Administration > Properties.
- Scroll to If true, ACLs check if the user is being impersonated.
- Check Yes (true) to enable ACLs to check when a user is impersonating another user and prevent the user from viewing HR information.
- Even if the logged in user has HR access and impersonates another HR user with the same access, HR information is not visible.
Note: This property was introduced for the HR Service Delivery scoped application and is not applicable to the HR Services Delivery Non-scoped application.
See Restricted caller access for HR.
See Manage HR roles.
Also, as per this post, it's better to go with query business rules to restrict record visibility, because if you use ACLs and the user does not have access to a record, the message shown would be "records hidden due to security constraints", and that message could be annoying.
Mark my answer correct & Helpful, if Applicable.
Thanks,
Sandeep
‎06-20-2022 12:57 AM
Hi
Any update on this? Any follow-up required? If not,
kindly mark the answer as both Correct & Helpful so that others can get help.
Thanks,
Sandeep

‎06-18-2022 09:20 AM
There are two approaches based on your requirement:
1) If you would like to control HR Profiles from the Service Portal, you can use HR Criteria to control HR profile page access by Job, by country, region, etc.
2) If you would like to control HR Profile form/table access from the backend instance, you need to create a Read ACL to grant access by the logged-in user's location.
If my reply is Helpful/Correct, please mark the answer as Helpful/Correct.
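
The query business rule suggested in the first reply, applied to the per-country restriction the question asks for, as an added example that is not part of the thread and not ServiceNow's own code. The function name, the `user` reference field on `sn_hr_core_profile`, the `country` field on the location record, and the stand-in objects at the bottom are assumptions made for illustration; check the field names against your instance.

```javascript
// Added example. Logic for a hypothetical before-query business rule on
// sn_hr_core_profile. Assumed field names: `user` on the profile table and
// `country` on the location record referenced by sys_user.location.
function restrictProfilesToViewerCountry(current, gs, GlideRecord) {
  // HR administrators keep full visibility, as the thread describes.
  if (gs.hasRole('sn_hr_core.admin')) return 'unrestricted';

  var viewer = new GlideRecord('sys_user');
  var country = viewer.get(gs.getUserID()) ? String(viewer.location.country) : '';
  if (!country) {
    // Fail closed: sys_id is never empty, so this condition matches no rows.
    current.addNullQuery('sys_id');
    return 'blocked';
  }
  // Dot-walk from the profile to the country of its employee's location.
  current.addQuery('user.location.country', country);
  return 'country=' + country;
}

// In the business rule's script field the call would be:
//   restrictProfilesToViewerCountry(current, gs, GlideRecord);

// Constructed stand-ins for the platform objects so the logic runs in Node.
function makeFakes(roles, country) {
  var conditions = [];
  var current = {
    addQuery: function (field, value) { conditions.push(field + '=' + value); },
    addNullQuery: function (field) { conditions.push(field + 'ISEMPTY'); }
  };
  var gs = {
    hasRole: function (role) { return roles.indexOf(role) !== -1; },
    getUserID: function () { return 'constructed_user_id'; }
  };
  function GlideRecord() {
    this.location = { country: country };
    this.get = function () { return true; };
  }
  return { current: current, gs: gs, GlideRecord: GlideRecord, conditions: conditions };
}

// Runs the rule for a constructed viewer and returns the conditions it added.
function demo(roles, country) {
  var f = makeFakes(roles, country);
  var outcome = restrictProfilesToViewerCountry(f.current, f.gs, f.GlideRecord);
  return { outcome: outcome, conditions: f.conditions };
}
```

A query rule only narrows the result set; the role-based ACLs described earlier in the thread still decide whether a viewer can read HR profile fields at all.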