We have deployed the Occupational Health module within EHS, this comes with a number of standard reports, however it seems that these reports do no authorization checks (beyond the standard TCODE)....
Is this correct?
My client has a number of departments and would like to restrict access so that H&S employees only see data for the employees within their own department.