Our experience was the same when we first created custom security roles using a combination of out-of-the-box (OOB) security roles for ESS users. We had to do this so we could include Workflow Roles. Our findings were that the following two roles should be given to managers only and not to employees not responsible for approvals: EMP_PROFILE_MANAGER_01* and EMP_SKILLS_MANAGER_01*. This obviously gives the user with the manager role the ability to see all employees, whether they report in to them or not. But, until there is another solution that limits the view using the manager's Active Directory (AD) relationships, this was the best we could put together. Our non-manager/non-approver employees get access to the following OOB roles: PADEFAULTUSER*, PTE_EXPENSE_ENTRY_001* and PTE_TIME_ENTRY_001* (plus our custom workflow security task ID).