'Full Download' from 'View Admin Reports' compromising security
Summary
Delegates acting on behalf of high level managers are able to see salary details of that high level manager.Content
We are trying to meet below two requirements:
1) Business line pay reps (BLPR) will proxy as a certain EMPLID (high level managers) and perform merit allocations. They have visibility to direct and indirect reports of that EMPLID.
2) They click 'View Admin Reports' link and then access the delivered reports which will contain sensitive data of direct and indirect reports of that EMPLID.
We created a custom role and assigned it to those BLPR. Used below custom sql to pull scope of audience for that BLPR.