Hi Experts,
Recently I have come across a design issue for the HR roles in our system.
Our HCM system has ESS/MSS as well as other backend roles such as payroll, time admin etc.
The ESS/MSS role is categorized based on country, as such the P_ORGIN object will have full country value for PERSA etc.
The backend role such as PAYROLL ADMIN will have restrictions based on PERSA.
When we combine both, the ESS/MSS access overrides PERSA restrictions in PAYROLL Admin role & gives additional access to full country.
Is there a way to mitigate this & restrict the access without changing the ESS/MSS authorizations?
Please share your thoughts.
Nivin