By default, a user who is granted the Create permission can create any position in the system. The target criteria are not respected for the Create permission.
If you want the defined target criteria to be respected for the Create permission as well, set the Create Respects Target Criteria flag to Yes for the Position object. You do this in the Admin Center by choosing Configure Object Definitions.
With this setting, you can meet a requirement such as the following: managers need to be able to view all positions in the system, but are allowed to create new positions only below their own position.
Here’s how you set this up:
1. Change the Position object definition and set the flag Create Respects Target Criteria to Yes.
2. Create a new permission role with the Position permissions View Current and View History and grant this role to all positions as target criteria.
3. Create a new permission role with the Position permission Create and grant this role with the position restriction Include access to Position in the hierarchy below the Granted User's Position with Parent Position = All level(s).
Note: The Create permission is only validated when the position is saved. If you have restricted permissions on creating positions, they’re only validated when you save the position or submit the workflow. If you don’t have permission to create the position, the system doesn’t allow you to save or submit.
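The following added example, which is not SAP code, models the access decision that the setup above and the note describe, so the expected outcomes can be listed before the roles are tested in a real system. The position codes, the function names, and the reading of "below" as "the granted user's position appears in the new position's parent chain" are assumptions made for illustration.

```python
# Illustrative model only; not SAP SuccessFactors code.
# Constructed hierarchy: position code -> parent position code (None = top level).
PARENT = {
    "P_CEO": None,
    "P_MGR_A": "P_CEO",
    "P_MGR_B": "P_CEO",
    "P_LEAD_A1": "P_MGR_A",
}


def is_below(parent_code, granted_user_position, parents=PARENT):
    """True if a position with this parent sits below the granted user's
    position at any depth (Parent Position = All level(s))."""
    seen = set()
    node = parent_code
    while node is not None and node not in seen:  # 'seen' stops on cyclic data
        if node == granted_user_position:
            return True
        seen.add(node)
        node = parents.get(node)
    return False


def can_create(user_position, new_parent, create_respects_target_criteria):
    """Decision for a user whose role grants Create with the 'below own
    position' restriction as target criteria."""
    if not create_respects_target_criteria:
        return True  # default: target criteria are ignored for Create
    return is_below(new_parent, user_position)


def save_position(user_position, code, new_parent, flag, parents=PARENT):
    """Create is validated at save time: a denied save changes nothing."""
    if not can_create(user_position, new_parent, flag):
        raise PermissionError(f"{user_position} may not create {code} under {new_parent}")
    parents[code] = new_parent
    return code


if __name__ == "__main__":
    for parent in ("P_LEAD_A1", "P_MGR_B", None):
        for flag in (False, True):
            print(parent, flag, can_create("P_MGR_A", parent, flag))
```

With the flag set to No, every row allows the create, which is the over-broad default the first paragraph describes; with Yes, only the position under P_LEAD_A1 is allowed for the manager holding P_MGR_A.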