When a user is tied to a primary permission list how does it decide the department data access for the employee?

When a user is tied to a primary permission list how does it decide the department data access for the employee? Where and how is this mapping done?

User is tied to a primary permission list in user profile table. This permission list is tied to a setid and deptid in the security setup. This can be done by navigating to Setup HRMS -> Security -> Core row level security -> Security by dept tree. All the departments that get tied here against the permission list are accessible to the user.

I wish to give access of a page which shows the USA flag to a user but wish to exclude some of the components. How can I do that? Explain the steps.

Any user whose Primary Permission List is set up to show a particular country will show its flag as well. The navigation for the same is: Setup HRMS -> Security -> Component and Page Security -> Setup Global Security. If the US flag has to be shown to the user, USA should be selected in the country prompt. There is a link to ‘Excluded Components’ in the panel, which can be used to exclude certain components.

If I am able to see the Brazil flag in a component by means of Global security, will I be able to see Brazil employees too? Explain.

No, you would not be able to see Brazil employees. Global Security grants you the permission to see a particular flag and not the data. Access to employees is given by means of Row level Security.