The Personnel Integration Service Account permissions (Menu > System Configuration > Security > Service Account Administration) have been separated into these separate Service Account permissions: (1) Global Employee Direct Deposit, (2) Employee Job History Details, (3) Employee Person Details, and (4) Employee Compensation Details. If View Only was granted for Personnel Integration, then View Only is now granted for these new Service Account permissions as well.
The Payroll Integration Service Account permissions (Menu > System Configuration > Security > Service Account Administration) have been separated into these separate Service Account permissions: 1) Employee Direct Deposit
New Account Permission Options
In an effort to reduce vulnerabilities we have split out APIs containing sensitive information such as employee data into their own permission items. Previously these APIs were grouped under Personnel Integration and some customers were uncomfortable giving their developers access to sensitive data.
How does this affect customers & partners?
- More granular API permissions can now be assigned. If customers want to exclude APIs containing sensitive employee data they can now do so by only granting access to the Personnel Integration set.
Are existing accounts/permissions going to be affected?
- Existing account permissions are not going to be impacted/changed.
A script was run to opt-in all existing users of the above APIs to ensure their permissions were enabled/maintained.