Employee sensitive data protection

(1) Share

Report

Posted on by BilalT

Hello.

We are looking for solution options to protect specific Employee data fields ( compensation, performance, other personal info. ) from read/extract access.

This should apply to the System Administrator as well, and only specific designated roles should be able to have the read access.

We will experiment with the Field Level Security to hide the data, and perhaps create a custom sys admin role as well.

Did anyone go through this exercise before, what other options would you suggest?

Thanks!

Bilal

All responses (1)

Answers (0)

André Arnaud de Cal... 296,054 Super User 2025 Season 1 on at

Like (0)

Report

Employee sensitive data protection

Hi Bilal,

You can indeed hide fields by denying access to particular fields using security configuration or customization. A system administrator is bypassing all security, so you will need to consider removing the system administrator role and creating a new role where super users can be restricted from viewing sensitive data.

If you create a new administrator role, note that some features in the application will not be visible as some menu items are not included in standard security objects and some form controls are visible to system administrators (and selected roles depending on the feature) only. Some features, like managing security or troubleshooting workflows, are covered by other roles, like the Security Administrator and Information Technology Manager.