Each authorization role is divided into two sections.
- Having personal privileges enabled means the user can only see their own data
- The Employee role described works like this
- Any user with Administration privileges will have access to other user's data
- The Manager and Administration roles have this enabled
Any user with administration privileges will see data for all other users!
This can be prevented by dividing employees into organization units and assigning these organization units to different administrators and managers.