We've always had fairly powerful, granular user security in HR Partner to prevent certain admin users from accessing sensitive employee data, but we have just made a couple of small tweaks to improve it.
You can now elect to hide custom fields from certain admins. Our growing user base has made us aware that sometimes, extremely sensitive data is stored in these custom fields, and that they are not for general viewing of, say, junior department managers.
So now in the user setup, you can opt to allow the admin user the ability to see/edit the custom field data.
Another change we've made is that we have separated the ability to edit employee masterfile data, vs the ability to edit sub-module data. The masterfile data consists of critical employee information, such as their name, birthdate, contact information etc., whereas the sub-module data are things like their Absence records, Training information, Performance Reviews etc.
Once again, as our user base grows, we are seeing situation where there might be an IT manager who is an admin, and needs to get to the Company Asset information so they can allocate laptops and phones to employees, but they should not be able to actually edit the employee masterfile data in any way.
Previously, an admin with 'edit employee' permission could do both, but we have now split that so that you have to nominate which of the two permissions they can have.
We hope this makes it easier to invite your department managers, HR assistants and colleagues to work alongside you in HR Partner.
As always, if you have any questions about setting up user permissions, please contact one of our helpful team on firstname.lastname@example.org