Alerts Composer allows user to view employee salary data despite no payroll/compensation access
Summary:
We have a user who has access to Alerts Composer and is required to run alerts as part of their role. However, this user does not have business access to Payroll, Compensation, or salary information for other employees.
Despite this, the user can run an alert through Alerts Composer and view salary-related information for employees outside their authorized access. This appears to bypass the user’s intended HCM security/data access restrictions.
Content (please ensure you mask any confidential information):
The user should be able to run authorized alerts, but salary data should not be exposed unless the user has the appropriate salary/compensation/payroll privileges and data security access. Alerts Composer execution should respect the same HCM functional and data security restrictions that apply elsewhere in Fusion HCM.