You can grant each Administrator permissions to only access what they should be able to:
When adding a new Administrator, you first decide whether to grant them an "Administrator" role or an "Account Owner" role. An Account Owner always has access to everything, so be judicious how to assign that role. You can have multiple Account Owners if you wish.
With the Administrator role, you decide which specific permissions to grant. See the screenshot above for those options. A couple notes about these permissions:
- Org unit access: By default an administrator has access to all Org Units you create. You can decide to restrict access only to workers and devices in specific Org Units.
- User sensitive: You can restrict access to certain sensitive worker fields, such as Compensation, Birth Date, National ID / SSN, etc. If this permission is not checked, then the Administrator won't be able to view or edit those fields. See the next section below how to define which fields are sensitive.
- Edit administrators: If checked, a user with Administrator role will be able to view and edit other Administrators. But only Account Owners can view or edit other Account Owners. Plain Administrators won't be able to view Account Owners.
User Default Settings
You define which settings are consider "sensitive" for the purpose of the "User sensitive" permission above. You can also specify whether that permission is required to set those fields for new users, to delete users, and/or make Pay Class read only.
If Compensation is set as a sensitive field, then pay totals will not be displayed in the various reports.