looking for some ideas on payroll data restriction. We use custom Payroll sollution which at the end creates standard Paycheck transactions which can be paid via standard Vendor payment. The problem is how to restrict for some roles (actually all but HR role) to access Payroll amounts which can be seen in many places: 1. Vendor payments 2. Bank registers 3. GL registers We tried to use Class segment for these restrictions but it doesn't look very promising (there are some issues) not talking about fact that you can't use CLass for other needs then.

If you are using vendor bill and payment combination for payroll, I doubt you can restrict it via permission from showing up in those places. You can use a unique identifier to throw exception "No access" via workflow when someone not defined in the workflow trying to look up the vendor, but still all transactional details would be viewable many other places. Best practice for external payroll is to just bring in the final JE from payroll system each pay cycle. I just wonder who came up with this process 🤔