Thanks for that, Audrey.
I'm guessing the people in lower grades can be determined by their respective employee subgroups?
The ESS role 1, grants access to everyone in their own department (guessing from the authorization profile "HR_ESS_OWN").
The ESS role 2 grants access to many of the same infotypes for anyone in HSCO. (specifically IT0008).
For now, I think you could try to remove access to IT0008 from all P_ORGIN & P_ORGINCON objects that have a PERSK value of "15" from both of the ESS roles.
After that, create separate P_ORGIN & P_ORGINCON objects where you specify for which population they need to be able to access IT0008.
Presumably, this would be for PERSK = 01-13 only?
Also, another P_PERNR object is required if you want the users to see their own IT0008 .
Please let me know if you run into anything or if I'm blatantly missing the point here 
Dimitri.