Previous  Next          Contents  Index  Navigation  Glossary  Library

Security Profiles

The security profile attached to a responsibility determines which applicant and employee records are available to holders of that responsibility. You associate a security profile with work structures. The records of employees and applicants assigned to these work structures are then accessible to holders of the responsibility.

The work structures you can name in security profiles are:

Organizations and Organization Hierarchy

To set up a security profile that permits access to employee records of certain organizations only, you make use of organization hierarchies. You can build any number of additional hierarchies to meet your security requirements.

For example, suppose you build this Sales Organization hierarchy:

You can create a security profile that permits access to employee records throughout the sales organization. This profile references the Sales Organization hierarchy. It names the Sales Department as the highest organization in the hierarchy through which profile holders have access to employee records.

Next, you want the directors of the two sales regions to have access to all employee records in their region only. You create Eastern and Western Sales Director security profiles. These profiles also reference the Sales hierarchy. But, they name the Eastern and Western Regions, respectively, as the top organizations for these profiles' access to employee records.

When you name an organization as the top organization, you specify whether it is inclusive or not. You must include the top organization if you want holders of the profile to access records of people assigned to the top organization.

Positions and Position Hierarchies

After establishing limits on record access using organization hierarchies, you can further restrict access by means of position hierarchies.

Suppose, for example, within the Sales Department, you want to give the Sales Research Director access to her subordinates' records only. You can start by building the following Sales Positions Hierarchy:

Now you create the Sales Research Director security profile. This profile references the Sales Positions hierarchy and names the Sales Research Director as the top position for access to employee records.

Organization Hierarchy: Sales Organization
Top Organization: Sales Department
Position Hierarchy: Sales Positions
Top Position: Sales Research Director
Include Top Position: Yes

When you give the Sales Research Director a responsibility including this security profile, she can access the records of her subordinates. But, she cannot access records of:

As with organization hierarchies, you can specify that profiles do not include access to the top position.


The third way to restrict access to employee records is by payroll. For example, you can give payroll staff who work on the Sales payroll access to records of employees on this payroll only.

Controlling security by payroll assignment limits the employee records users can see and update on employee-related windows, such as those for employee information, and element entry.

Of course, if an employee assignment does not include a payroll, payroll security cannot apply to this assignment. Payroll security never applies to applicant records since applicants are not assigned to payrolls.

The windows for compensation definition are unrelated to any particular employee records or payroll assignments. Therefore limiting access by payroll does not affect users' access to these windows.

See Also

Defining Security Profiles

         Previous  Next          Contents  Index  Navigation  Glossary  Library