Human Resources have access to most information and some information from HR has to be requested by HR to the user that owns the information. All personal information, or information not made available to the public can only be accessed via a domain login. Therefore in order to see a paystub, they have to be in the office on the domain joined computer which they put in all of the credentials. Then of course the passwords changes every 45 days. And data administrator allows you to block information from other employees, even our bosses. So there are many ways to enforce an information policy. I have noticed; the better the policy, the more security. Or the more security, the more credentials you need.
What are your thoughts on this?