22F-PERM-F

Field Permission 覆盖度检查

本页只读检查关键敏感字段是否已被 field_permission_rules 覆盖。不新增规则，不修改 active 权限规则。

返回 HRMS Portal Preview / Review 机制权限引擎工作台

一、覆盖度汇总

现有 Field Rules

关键字段数

已覆盖

缺失

弱规则

二、硬性边界

本页只读。缺失或弱覆盖字段，后续只能先生成 draft_not_active 样例规则，不能直接写入 active field_permission_rules。

三、关键字段覆盖检查

模块	对象	字段	敏感级别	期望策略	覆盖状态
employee	employee	`mobile`	high	mask_or_conditional	missing
employee	employee	`email`	medium	mask_or_conditional	missing
employee	employee	`feishu_open_id`	high	deny_or_mask	missing
employee	employee	`feishu_union_id`	high	deny_or_mask	missing
employee	employee	`raw_payload`	high	deny_or_admin_only	missing
assessment	assessment_result	`dimension_scores`	critical	conditional_allow	missing
assessment	assessment_result	`total_score`	high	conditional_allow	missing
assessment	assessment_result	`risk_flags`	critical	conditional_allow	missing
assessment	assessment_result	`algorithm_input_mapping`	critical	conditional_allow	missing
assessment	assessment_assignment	`assignment_payload`	medium	conditional_allow	missing
algorithm	talent_algorithm_result	`risk_flags`	critical	conditional_allow	missing
algorithm	talent_algorithm_result	`final_talent_score`	critical	conditional_allow	missing
algorithm	talent_algorithm_result	`recommended_action`	critical	conditional_allow	missing
profile	employee_profile	`assessment_summary`	high	conditional_allow	missing
profile	employee_profile	`talent_tags`	high	conditional_allow	missing
people_action	people_action_draft	`action_reason`	high	conditional_allow	missing
people_action	people_action_draft	`approval_comment`	high	conditional_allow	missing
compensation	compensation_record	`salary_amount`	critical	deny_by_default	missing
compensation	compensation_record	`salary_band`	critical	conditional_allow	missing

四、现有 Field Rules 预览

rule_id	role	object	field	sensitivity	result	mask	audit	approval	status
`FIELD_RULE_0077`	ROLE_BOSS	algorithm_config	algorithm_config	highly_sensitive	allow	none	True	False	active
`FIELD_RULE_0038`	ROLE_DEPARTMENT_HEAD	algorithm_config	algorithm_config	highly_sensitive	mask	show_label_only	True	False	active
`FIELD_RULE_0012`	ROLE_EMPLOYEE	algorithm_config	algorithm_config	highly_sensitive	mask	show_label_only	True	False	active
`FIELD_RULE_0051`	ROLE_HRBP	algorithm_config	algorithm_config	highly_sensitive	allow	none	True	False	active
`FIELD_RULE_0025`	ROLE_MANAGER	algorithm_config	algorithm_config	highly_sensitive	mask	show_label_only	True	False	active
`FIELD_RULE_0064`	ROLE_REVIEWER	algorithm_config	algorithm_config	highly_sensitive	allow	none	True	False	active
`FIELD_RULE_0090`	ROLE_SYSTEM_ADMIN	algorithm_config	algorithm_config	highly_sensitive	mask	show_label_only	True	False	active
`FIELD_RULE_0068`	ROLE_BOSS	algorithm_output	final_talent_score	sensitive	allow	none	False	False	active
`FIELD_RULE_0029`	ROLE_DEPARTMENT_HEAD	algorithm_output	final_talent_score	sensitive	allow	none	False	False	active
`FIELD_RULE_0003`	ROLE_EMPLOYEE	algorithm_output	final_talent_score	sensitive	mask	show_label_only	False	False	active
`FIELD_RULE_0042`	ROLE_HRBP	algorithm_output	final_talent_score	sensitive	allow	none	False	False	active
`FIELD_RULE_0016`	ROLE_MANAGER	algorithm_output	final_talent_score	sensitive	allow	none	False	False	active
`FIELD_RULE_0055`	ROLE_REVIEWER	algorithm_output	final_talent_score	sensitive	allow	none	False	False	active
`FIELD_RULE_0081`	ROLE_SYSTEM_ADMIN	algorithm_output	final_talent_score	sensitive	allow	none	False	False	active
`FIELD_RULE_0073`	ROLE_BOSS	algorithm_output	key_person_calibration_adjustment	restricted	allow	none	True	False	active
`FIELD_RULE_0034`	ROLE_DEPARTMENT_HEAD	algorithm_output	key_person_calibration_adjustment	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0008`	ROLE_EMPLOYEE	algorithm_output	key_person_calibration_adjustment	restricted	deny	hide_value	True	True	active
`FIELD_RULE_0047`	ROLE_HRBP	algorithm_output	key_person_calibration_adjustment	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0021`	ROLE_MANAGER	algorithm_output	key_person_calibration_adjustment	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0060`	ROLE_REVIEWER	algorithm_output	key_person_calibration_adjustment	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0086`	ROLE_SYSTEM_ADMIN	algorithm_output	key_person_calibration_adjustment	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0071`	ROLE_BOSS	algorithm_output	one_vote_veto	restricted	allow	none	True	False	active
`FIELD_RULE_0032`	ROLE_DEPARTMENT_HEAD	algorithm_output	one_vote_veto	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0006`	ROLE_EMPLOYEE	algorithm_output	one_vote_veto	restricted	deny	hide_value	True	True	active
`FIELD_RULE_0045`	ROLE_HRBP	algorithm_output	one_vote_veto	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0019`	ROLE_MANAGER	algorithm_output	one_vote_veto	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0058`	ROLE_REVIEWER	algorithm_output	one_vote_veto	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0084`	ROLE_SYSTEM_ADMIN	algorithm_output	one_vote_veto	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0070`	ROLE_BOSS	algorithm_output	risk_tags	highly_sensitive	allow	none	True	False	active
`FIELD_RULE_0031`	ROLE_DEPARTMENT_HEAD	algorithm_output	risk_tags	highly_sensitive	mask	show_label_only	True	False	active
`FIELD_RULE_0005`	ROLE_EMPLOYEE	algorithm_output	risk_tags	highly_sensitive	deny	hide_value	True	False	active
`FIELD_RULE_0044`	ROLE_HRBP	algorithm_output	risk_tags	highly_sensitive	allow	none	True	False	active
`FIELD_RULE_0018`	ROLE_MANAGER	algorithm_output	risk_tags	highly_sensitive	mask	show_label_only	True	False	active
`FIELD_RULE_0057`	ROLE_REVIEWER	algorithm_output	risk_tags	highly_sensitive	allow	none	True	False	active
`FIELD_RULE_0083`	ROLE_SYSTEM_ADMIN	algorithm_output	risk_tags	highly_sensitive	mask	show_label_only	True	False	active
`FIELD_RULE_0069`	ROLE_BOSS	algorithm_output	talent_tags	sensitive	allow	none	False	False	active
`FIELD_RULE_0030`	ROLE_DEPARTMENT_HEAD	algorithm_output	talent_tags	sensitive	allow	none	False	False	active
`FIELD_RULE_0004`	ROLE_EMPLOYEE	algorithm_output	talent_tags	sensitive	mask	show_label_only	False	False	active
`FIELD_RULE_0043`	ROLE_HRBP	algorithm_output	talent_tags	sensitive	allow	none	False	False	active
`FIELD_RULE_0017`	ROLE_MANAGER	algorithm_output	talent_tags	sensitive	allow	none	False	False	active
`FIELD_RULE_0056`	ROLE_REVIEWER	algorithm_output	talent_tags	sensitive	allow	none	False	False	active
`FIELD_RULE_0082`	ROLE_SYSTEM_ADMIN	algorithm_output	talent_tags	sensitive	allow	none	False	False	active
`FIELD_RULE_0072`	ROLE_BOSS	algorithm_output	values_risk	restricted	allow	none	True	False	active
`FIELD_RULE_0033`	ROLE_DEPARTMENT_HEAD	algorithm_output	values_risk	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0007`	ROLE_EMPLOYEE	algorithm_output	values_risk	restricted	deny	hide_value	True	True	active
`FIELD_RULE_0046`	ROLE_HRBP	algorithm_output	values_risk	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0020`	ROLE_MANAGER	algorithm_output	values_risk	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0059`	ROLE_REVIEWER	algorithm_output	values_risk	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0085`	ROLE_SYSTEM_ADMIN	algorithm_output	values_risk	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0074`	ROLE_BOSS	assessment_result	raw_responses	highly_sensitive	allow	none	True	False	active
`FIELD_RULE_0035`	ROLE_DEPARTMENT_HEAD	assessment_result	raw_responses	highly_sensitive	mask	show_label_only	True	False	active
`FIELD_RULE_0009`	ROLE_EMPLOYEE	assessment_result	raw_responses	highly_sensitive	mask	show_label_only	True	False	active
`FIELD_RULE_0048`	ROLE_HRBP	assessment_result	raw_responses	highly_sensitive	allow	none	True	False	active
`FIELD_RULE_0022`	ROLE_MANAGER	assessment_result	raw_responses	highly_sensitive	mask	show_label_only	True	False	active
`FIELD_RULE_0061`	ROLE_REVIEWER	assessment_result	raw_responses	highly_sensitive	allow	none	True	False	active
`FIELD_RULE_0087`	ROLE_SYSTEM_ADMIN	assessment_result	raw_responses	highly_sensitive	mask	show_label_only	True	False	active
`FIELD_RULE_0078`	ROLE_BOSS	audit_log	audit_log	restricted	allow	none	True	False	active
`FIELD_RULE_0039`	ROLE_DEPARTMENT_HEAD	audit_log	audit_log	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0013`	ROLE_EMPLOYEE	audit_log	audit_log	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0052`	ROLE_HRBP	audit_log	audit_log	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0026`	ROLE_MANAGER	audit_log	audit_log	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0065`	ROLE_REVIEWER	audit_log	audit_log	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0091`	ROLE_SYSTEM_ADMIN	audit_log	audit_log	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0067`	ROLE_BOSS	employee	department_name	internal	allow	none	False	False	active
`FIELD_RULE_0028`	ROLE_DEPARTMENT_HEAD	employee	department_name	internal	allow	none	False	False	active
`FIELD_RULE_0002`	ROLE_EMPLOYEE	employee	department_name	internal	allow	none	False	False	active
`FIELD_RULE_0041`	ROLE_HRBP	employee	department_name	internal	allow	none	False	False	active
`FIELD_RULE_0015`	ROLE_MANAGER	employee	department_name	internal	allow	none	False	False	active
`FIELD_RULE_0054`	ROLE_REVIEWER	employee	department_name	internal	allow	none	False	False	active
`FIELD_RULE_0080`	ROLE_SYSTEM_ADMIN	employee	department_name	internal	allow	none	False	False	active
`FIELD_RULE_0066`	ROLE_BOSS	employee	employee_name	internal	allow	none	False	False	active
`FIELD_RULE_0027`	ROLE_DEPARTMENT_HEAD	employee	employee_name	internal	allow	none	False	False	active
`FIELD_RULE_0001`	ROLE_EMPLOYEE	employee	employee_name	internal	allow	none	False	False	active
`FIELD_RULE_0040`	ROLE_HRBP	employee	employee_name	internal	allow	none	False	False	active
`FIELD_RULE_0014`	ROLE_MANAGER	employee	employee_name	internal	allow	none	False	False	active
`FIELD_RULE_0053`	ROLE_REVIEWER	employee	employee_name	internal	allow	none	False	False	active
`FIELD_RULE_0079`	ROLE_SYSTEM_ADMIN	employee	employee_name	internal	allow	none	False	False	active
`FIELD_RULE_0076`	ROLE_BOSS	manager_action_risk	manager_action_risk	restricted	allow	none	True	False	active
`FIELD_RULE_0037`	ROLE_DEPARTMENT_HEAD	manager_action_risk	manager_action_risk	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0011`	ROLE_EMPLOYEE	manager_action_risk	manager_action_risk	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0050`	ROLE_HRBP	manager_action_risk	manager_action_risk	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0024`	ROLE_MANAGER	manager_action_risk	manager_action_risk	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0063`	ROLE_REVIEWER	manager_action_risk	manager_action_risk	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0089`	ROLE_SYSTEM_ADMIN	manager_action_risk	manager_action_risk	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0075`	ROLE_BOSS	people_action	demotion_reason	restricted	allow	none	True	False	active
`FIELD_RULE_0036`	ROLE_DEPARTMENT_HEAD	people_action	demotion_reason	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0010`	ROLE_EMPLOYEE	people_action	demotion_reason	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0049`	ROLE_HRBP	people_action	demotion_reason	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0023`	ROLE_MANAGER	people_action	demotion_reason	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0062`	ROLE_REVIEWER	people_action	demotion_reason	restricted	mask	show_label_only	True	True	active
`FIELD_RULE_0088`	ROLE_SYSTEM_ADMIN	people_action	demotion_reason	restricted	mask	show_label_only	True	True	active