Employee record security
Employee record security restricts access to employee records. To secure employee records, HR security uses the record level security assigned to a user login by the environment. Record level security consists of a one-digit security level and a ten-digit security location.
A user can be associated with more than one security level and security location combination.
Within the HR application, a security level and security location is assigned to the employee record.
When a user tries to access an employee record, the HR application compares the security code you have assigned to the employee record to the user's record levels to determine if the user has access to the record. The HR application performs two checks to ensure the user has access to the employee record:
-
Check 1: The user's security location must match the security location on the employee record exactly to have access to any of the fields on the employee record.
-
Check 2: If the user's security location matches security location of the employee record, the application then checks the security level. The security level of the user's record level must be equal or less than the security level of the employee record for the user to have access to the fields on the employee record.
For a user to have access to all locations, the record level security location established in the environment must be all asterisks (*). The user's security level is still checked against the security level of the employee record for appropriate access.
Employee records can be assigned a Security Level of 9 and a Security Location of 9999999999 to be open to all users. If you do not assign a security level or security location on the employee record, they default from the department, process level, or company (in that order).
Example
The following user profiles are set up in the environment:
|
User Name: Jonathan
Stewart
Note: Jonathan has access to all employee
records
|
User Name: Grace Whitby Note: Grace has access to all
employees in HRPAY and HRBEN but limited access to employees in INTL
|
User Name: Kelsey Wavey Note: Kelsey has access to HRPAY
employees with a security level of 3 or higher.
|
User Name: Paul Jordan Note: Paul has access to HRPAY employees
with a security level of 6 or higher.
|
| Position: PRES | Position: HRVP, ITNL | Position: HRPAYMGR | Position: HRPAYSUP |
| Record Level Security: | Record Level Security: | Record Level Security: | Record Level Security: |
|
Level: 1 Location: ********* |
Level: 1 Location: Ten character code for HRPAY Level: 1, Location: Ten character code for HRBEN Level: 5, Location: Ten character code for INTL |
Level: 3 Location: Ten character code for HRPAY |
Level: 6 Location: Ten character code for HRPAY |
The following chart shows employee security codes and which of the users defined above can access them.
| Employee | Security Level | Security Location | Accessed by | Reason user cannot access |
|---|---|---|---|---|
| 1 | 7 | Ten digit code for HRPAY | All | |
| 2 | 3 | Ten digit code for HRPAY | Jonathan, Grace, and Kelsey | Paul's level is higher than employee #2. |
| 3 | 2 | Ten digit code for HRPAY | Jonathan and Grace | Kelsey and Paul's levels are higher than employee #3 |
| 4 | 3 | Ten digit code for INTL | Jonathan | Grace's level is too high and Kelsey and Paul's location do not match employee #4. |
| 5 | 9 | Ten digit code for FIN | Jonathan | Grace, Kelsey, and Paul's locations do not match. |