'Allow Viewing, Printing and Editing of Highly Sensitive PII'

Hi All,

I suspect I will need to submit an enhancement request, but thought I'd throw it out there for any feedback - it appears that the above Payroll Security Option Role Task is 'all order nothing' which seems to be creating a problem with some of our clients.  While they do NOT in any way want unmasked SS#'s to show up on their payroll reports, multiple times they have encountered an issue where they create a new Employee in payroll inadvertently specifying an incorrect SS#.  Once accepted, they are unable to edit the SS# without enabling the above role task for the user. 

I'm definitely not going to permanently enable the role task, then attempt to manually modify every payroll report to mask SS#'s- any workaround anyone can think of here?

Thanks in advance!