Skip to main content

Restrict certain employees from viewing their own data

  • April 7, 2025
  • 1 reply
  • 221 views

Shahar Groutz
Bobber

Use a custom group to control who can view their own profile details — beyond the default setup.

The All People – Own Data permission group is meant to give all employees access to view their own basic information. If you need to provide additional access to some employees (or restrict access for others), you can do this by creating a custom permission group with self-access rules.

This guide walks you through how to create a permission group that includes only the employees you want to allow, while leaving others restricted.

To restrict self-access for specific employees:

  1. Remove default category permissions

    • Go to System settings > Account > Permission groups

    • Select All People – Own Data

    • In the People’s data tab, remove permissions for the category you want to restrict

    This removes self-access for all employees by default.

  2. Create a new permission group

    • Click + Add group

    • Name the group (e.g., “Self-access – allowed”)

    • Go to Group actions > Edit details

    • In the Members section, choose Select by condition

    • Set conditions to include everyone except the employees you want to restrict (e.g., by location, employment type, etc.)

  3. Restrict visibility to "self only"

    • In the new group’s People’s data tab, add the condition:

      • Email = Same as viewer

    This ensures group members can only view their own profiles.

  4. Reassign category access to the new group

    • Go to the relevant category settings

    • Grant view/edit access to the new permission group you created

  5. Test the configuration

    • Log in as an employee in the new group: they should see only their own profile

    • Log in as an employee excluded from the group: they should not be able to view their own profile

1 reply

Thanks Tal!

I created a new group for her, with many different permissions for all employees (without excluding anyone). But from what I know, the highest (or strictest) permission level is the one that takes precedence. And indeed, it seems to be the case. When I’m logging with her account and try to filter the org chart, the HR team appears in gray (like in the image I attached in the previous ticket), and she apparently doesn’t have visibility into it.