HR profile and HR case security

Because HR profile information is sensitive and confidential, it is protected from being viewed by the system administrator. The same is true for some of the information in HR cases and HR tasks.

In the system, system administrators with the admin role are able to perform all tasks and view all data. However, HR profile information is confidential and should be viewed only by authorized HR personnel who are assigned a role that includes hr_profile_reader or hr_profile_writer, such as hr_basic.

Similarly, for HR cases and HR tasks, only authorized HR personnel should be allowed to view attachments, work notes and comments, description, calendar, and payload (if your company configured the form to show the Payload field). Authorized HR personnel include those who are assigned a role with hr_case_reader and hr_task_reader, such as hr_basic.

Therefore, users with the admin role are restricted from viewing specific HR profile, case, and task data.
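
Because HR access is granted through roles that include other roles (hr_basic is the example given above for both the profile roles and the case and task roles), a review of who is authorized has to expand contained roles rather than look only at direct grants. The following is an added example, not code from the product or its documentation: it runs over constructed data, and the user names, the hr_manager_example role, the itil grant and the containment edges are assumptions made for illustration.

```javascript
// Constructed sample data: [containing role, contained role] pairs and
// [user, granted role] pairs. HR role names are the ones this page mentions;
// everything else (users, hr_manager_example, edges) is hypothetical.
const roleContains = [
  ["hr_basic", "hr_profile_reader"],
  ["hr_basic", "hr_case_reader"],
  ["hr_basic", "hr_task_reader"],
  ["hr_manager_example", "hr_basic"],
  ["hr_manager_example", "hr_profile_writer"],
];
const userRoles = [
  ["alice", "hr_basic"], ["bob", "admin"],
  ["carol", "hr_manager_example"], ["dave", "itil"],
  ["erin", "admin"], ["erin", "hr_basic"],
];
const SENSITIVE = ["hr_profile_reader", "hr_profile_writer",
                   "hr_case_reader", "hr_task_reader"];

// Return the role plus every role it contains, directly or indirectly.
function expandRole(role, contains, seen = new Set()) {
  if (seen.has(role)) return seen; // also stops on containment cycles
  seen.add(role);
  for (const [parent, child] of contains) {
    if (parent === role) expandRole(child, contains, seen);
  }
  return seen;
}

// List users who effectively hold any HR reader/writer role, and note
// whether the same account also holds admin (a separation-of-duties item).
function auditHrAccess(grants, contains) {
  const byUser = new Map();
  for (const [user, role] of grants) {
    if (!byUser.has(user)) byUser.set(user, new Set());
    for (const r of expandRole(role, contains)) byUser.get(user).add(r);
  }
  const report = [];
  for (const [user, roles] of byUser) {
    const hrRoles = SENSITIVE.filter((r) => roles.has(r));
    if (hrRoles.length > 0) {
      report.push({ user, hrRoles, alsoAdmin: roles.has("admin") });
    }
  }
  return report.sort((a, b) => a.user.localeCompare(b.user));
}

console.table(auditHrAccess(userRoles, roleContains)
  .map((r) => ({ ...r, hrRoles: r.hrRoles.join(", ") })));
```

Accounts reported with alsoAdmin set are the ones to review first, since the restrictions on this page are described in terms of the admin role.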

HR profile information that system administrators can access

System administrators cannot create a new HR profile. They can see the list of HR profiles and open HR profile records, but have access only to the following information.
  • The HR profile number and employee's prefix.
  • Employment information that is synchronized with the user record [sys_user]. This includes name, employee number, department, manager, and location.
  • Work contact information, such as work email address and work phone number. Personal information is hidden.
  • Comments. Work notes are hidden.
  • Information that appears in the following related lists.
    • Emergency Contacts
    • Employment History
    • Direct Reports
    • Colleagues
    • Cases

HR case and HR task information that system administrators can access

System administrators can view the employee user information, such as location and department, and the short description. Activities, such as state changes, are displayed in the activity stream, but comments and work notes are hidden.

When the system administrator opens an HR case or HR task, a message describes the information that is not displayed.

Impersonating a user

If the system administrator impersonates a user, even if the impersonated user has an HR role that allows access to the HR profile, the system administrator is restricted from viewing HR profile information. The following constraints are applied when a user is impersonated.
  • If the impersonated user has HR profile access, the HR profile list displays a message that the records are removed based on security constraints. No HR profile records are listed.
  • For any impersonated user, the My Profile link from the HR Service Portal displays no profile information. It displays only information in the related lists described above.