How to manage security for HR users who need to manage different information on different companies
Looking for a best practice to manage different functionalities on different perimeters/companies
In the use case where an HR user must be able to:
- manage various information (employment data, salary, performance, profile data, etc.) within the company/perimeter assigned
- manage various information, except for salary and compensation info, in other companies different from the previous ones
- manage only profile information and best-fit functionalities for ALL companies
Is there any best practice to consistently apply to this scenario?
Can there be critical issues in the event that multiple roles and multiple types of AoR and different security profiles are created to manage these different needs?