HR profile and HR case security Because HR profile information is sensitive and confidential, the System Administrator [admin] cannot view it. The same is true for some of the information in HR cases and HR tasks. HR administrators [sn_hr_core.admin] are able to perform all tasks and view all data. However, HR profile information is confidential and viewed only by authorized HR personnel who are assigned a role that includes sn_hr_core.profile_reader or sn_hr_core.profile_writer, such as hr_basic. For HR cases and HR tasks, only authorized HR personnel are allowed to view attachments, work notes and comments, description, calendar, and payload (configurable). Authorized HR personnel are assigned a role with sn_hr_core.case_reader and sn_hr_core.case_writer, such as sn_hr_core.basic. Therefore, access to specific HR profile, case, and task data is restricted from view by users with the HR system admin role. HR profile information that system administrators can access System Administrators cannot create an HR profile. They can see the list of HR profiles and open HR profile records, but have access only to the following information. The HR profile number and prefix of an employee. Employment information that is synchronized with the user record [sys_user]. This information includes name, employee number, department, manager, and location. Work contact information, such as work email address and work phone number. Personal information is hidden. Information that appears in the following related lists. Employment Information Contact Information Beneficiaries Who is Covered Emergency Contacts Direct Reports Colleagues Cases HR case and task information accessible by HR Administrators HR Administrators can view the employee user information, such as location and department, and the short description. Activities, such as state changes, are displayed in the activity stream, but comments and work notes are hidden. System Administrators cannot view this information. When the HR Administrator opens an HR case or HR task, a message describes the information that is not displayed. Impersonating a user Navigate to HR Administration > Properties. Scroll to If true, ACLs check if the user is being impersonated. Check Yes (true) to enable impersonating a user. The purpose of this property is to restrict a System Administrator [admin] with no HR role from impersonating a user with HR roles. It also prevents access to HR profile information and executing HR functions. If the impersonated user has HR profile access, the HR profile list displays a message that the records are removed based on security constraints. No HR profile records are listed. For any impersonated user, the My Profile link from the HR Service Portal displays no profile information. It displays only information in the related lists. When the If true, ACLs check if the user is being impersonated property is set to true (Yes) a user impersonating another user with higher access is prevented from viewing or editing sensitive information.Note: This property was introduced in a prior release for the HR Service Delivery Legacy application and not applicable to the HR Services Delivery scoped application.