Hello Desma,
you need to know, how the application (HR) checks the authorizations. ST01 is a good tool for that task.
If the standard kernel functionality 'authority check' is used, you can forget about your roles, as the Kernel checks only based on authorizations, no matter through which profiles that authorizations have been assinged, i.e. through which roles that profiles have been assigned.
If the applicaiton does not check the required authorizations (means object+required field combinations with values) you will need to add your own checks in the worst case.
b.rgds, Bernhard