本页展示关键敏感字段的字段级权限（field permission）设计样例。所有规则均为 draft_only_not_active（表中「状态」列记为 draft_not_active），不会写入 active 权限表。
| 模块 | rule_id | 对象 | 字段 | 敏感级别 | 结果 | 脱敏 | 允许角色 | 审计 | 审批查看 | 状态 |
|---|---|---|---|---|---|---|---|---|---|---|
| employee | DRAFT_FIELD_EMPLOYEE_MOBILE_MASK | employee | mobile | high | mask | middle_4_digits | ROLE_BOSS, ROLE_HRBP | True | False | draft_not_active |
| employee | DRAFT_FIELD_EMPLOYEE_EMAIL_MASK | employee | email | medium | mask | partial_email | ROLE_BOSS, ROLE_HRBP, ROLE_MANAGER | True | False | draft_not_active |
| employee | DRAFT_FIELD_FEISHU_OPEN_ID_DENY | employee | feishu_open_id | high | deny_by_default | hidden | ROLE_BOSS | True | True | draft_not_active |
| employee | DRAFT_FIELD_FEISHU_UNION_ID_DENY | employee | feishu_union_id | high | deny_by_default | hidden | ROLE_BOSS | True | True | draft_not_active |
| employee | DRAFT_FIELD_EMPLOYEE_RAW_PAYLOAD_ADMIN_ONLY | employee | raw_payload | high | admin_only | hidden | ROLE_BOSS | True | True | draft_not_active |
| assessment | DRAFT_FIELD_ASSESSMENT_DIMENSION_SCORES_RESTRICTED | assessment_result | dimension_scores | critical | conditional_allow | deny_by_default | ROLE_BOSS, ROLE_HRBP, ROLE_REVIEWER | True | True | draft_not_active |
| assessment | DRAFT_FIELD_ASSESSMENT_TOTAL_SCORE_RESTRICTED | assessment_result | total_score | high | conditional_allow | role_based | ROLE_BOSS, ROLE_HRBP, ROLE_REVIEWER | True | False | draft_not_active |
| assessment | DRAFT_FIELD_ASSESSMENT_RISK_FLAGS_RESTRICTED | assessment_result | risk_flags | critical | conditional_allow | role_based | ROLE_BOSS, ROLE_HRBP | True | True | draft_not_active |
| assessment | DRAFT_FIELD_ALGORITHM_INPUT_MAPPING_RESTRICTED | assessment_result | algorithm_input_mapping | critical | conditional_allow | role_based | ROLE_BOSS, ROLE_HRBP | True | True | draft_not_active |
| assessment | DRAFT_FIELD_ASSIGNMENT_PAYLOAD_RESTRICTED | assessment_assignment | assignment_payload | medium | conditional_allow | role_based | ROLE_BOSS, ROLE_HRBP, ROLE_REVIEWER | True | False | draft_not_active |
| algorithm | DRAFT_FIELD_ALGORITHM_RISK_FLAGS_CRITICAL | talent_algorithm_result | risk_flags | critical | conditional_allow | role_based | ROLE_BOSS, ROLE_HRBP | True | True | draft_not_active |
| algorithm | DRAFT_FIELD_FINAL_TALENT_SCORE_CRITICAL | talent_algorithm_result | final_talent_score | critical | conditional_allow | role_based | ROLE_BOSS, ROLE_HRBP | True | True | draft_not_active |
| algorithm | DRAFT_FIELD_RECOMMENDED_ACTION_CRITICAL | talent_algorithm_result | recommended_action | critical | conditional_allow | role_based | ROLE_BOSS, ROLE_HRBP | True | True | draft_not_active |
| profile | DRAFT_FIELD_PROFILE_ASSESSMENT_SUMMARY_RESTRICTED | employee_profile | assessment_summary | high | conditional_allow | role_based | ROLE_BOSS, ROLE_HRBP, ROLE_REVIEWER | True | False | draft_not_active |
| profile | DRAFT_FIELD_PROFILE_TALENT_TAGS_RESTRICTED | employee_profile | talent_tags | high | conditional_allow | role_based | ROLE_BOSS, ROLE_HRBP, ROLE_REVIEWER | True | False | draft_not_active |
| people_action | DRAFT_FIELD_PEOPLE_ACTION_REASON_RESTRICTED | people_action_draft | action_reason | high | conditional_allow | role_based | ROLE_BOSS, ROLE_HRBP | True | True | draft_not_active |
| people_action | DRAFT_FIELD_PEOPLE_ACTION_APPROVAL_COMMENT_RESTRICTED | people_action_draft | approval_comment | high | conditional_allow | role_based | ROLE_BOSS, ROLE_HRBP | True | True | draft_not_active |
| compensation | DRAFT_FIELD_SALARY_AMOUNT_DENY_BY_DEFAULT | compensation_record | salary_amount | critical | deny_by_default | hidden | ROLE_BOSS | True | True | draft_not_active |
| compensation | DRAFT_FIELD_SALARY_BAND_RESTRICTED | compensation_record | salary_band | critical | conditional_allow | role_based | ROLE_BOSS, ROLE_HRBP | True | True | draft_not_active |