Security Profiles The security profile attached to a responsibility determines which applicant and employee records are available

to holders of that responsibility. You associate a security profile with work structures. The records of employees and applicants assigned to these work structures are then accessible to holders of the responsibility. The work structures you can name in security profiles are:
o

internal organizations and organization hierarchies. Organizations include structures like departments, sections, groups and teams. Each security profile allows access to one Business Group only. positions and position hierarchies. Positions are jobs performed within specified organizations, such as:

Clerk, Accounting Section (organization is Accounting Section and job is clerk) Quality Control Technician (organization is Quality Control Group and job is technician)

payrolls, such as Weekly Payroll, Monthly Payroll, or Sales Payroll.

Organizations and Organization Hierarchy To set up a security profile that permits access to employee records of certain organizations only, you make use of organization hierarchies. You can build any number of additional hierarchies to meet your security requirements. For example, suppose you build this Sales Organization hierarchy:

You can create a security profile that permits access to employee records throughout the sales organization. This profile references the Sales Organization hierarchy. It names the Sales Department as the highest organization in the hierarchy through which profile holders have access to employee records. Next, you want the directors of the two sales regions to have access to all employee records in their region only. You create Eastern and Western Sales Director security profiles. These profiles also reference the Sales hierarchy. But, they name the Eastern and Western Regions, respectively, as the top organizations for these profiles' access to employee records. When you name an organization as the top organization, you specify whether it is inclusive or not. You must include the top organization if you want holders of the profile to access records of people assigned to the top organization. Positions and Position Hierarchies After establishing limits on record access using organization hierarchies, you can further restrict access by means of position hierarchies. Suppose, for example, within the Sales Department, you want to give the Sales Research Director access to her subordinates' records only. You can start by building the following Sales Positions Hierarchy:

Now you create the Sales Research Director security profile. This profile references the Sales Positions hierarchy and names the Sales Research Director as the top position for access to employee records. Security Profile: SALES RESEARCH DIRECTOR

Organization Hierarchy: Sales Organization Top Organization: Position Hierarchy: Top Position: Include Top Position: Sales Department Sales Positions Sales Research Director Yes

When you give the Sales Research Director a responsibility including this security profile, she can access the records of her subordinates. But, she cannot access records of:
o o o

the VP or Associate VP of Sales the Regional Sales Director the Regional Sales Director's subordinates.

As with organization hierarchies, you can specify that profiles do not include access to the top position. Payrolls The third way to restrict access to employee records is by payroll. For example, you can give payroll staff who work on the Sales payroll access to records of employees on this payroll only. Controlling security by payroll assignment limits the employee records users can see and update on employee-related windows, such as those for employee information, and element entry. Of course, if an employee assignment does not include a payroll, payroll security cannot apply to this assignment. Payroll security never applies to applicant records since applicants are not assigned to payrolls. The windows for compensation definition are unrelated to any particular employee records or payroll assignments. Therefore limiting access by payroll does not affect users' access to these windows.