Hi,

You have to create Record Rules for this:-

Record rules are conditions that records must satisfy for an operation (create, read, update or delete) to be allowed. It is applied record-by-record after access control has been applied.

A record rule has:

    ## a model on which it applies

    ## a set of permissions to which it applies (e.g. if perm_read is set, the rule will only be checked when reading a record)

    ## a set of user groups to which the rule applies, if no group is specified the rule is global

a domain used to check whether a given record matches the rule (and is accessible) or does not (and is not accessible). The domain is evaluated with two variables in context: user is the current user’s record and time is the time module

->Global rules and group rules (rules restricted to specific groups versus groups applying to all users) are used quite differently:

->Global rules are subtractive, they must all be matched for a record to be accessible

->Group rules are additive, if any of them matches (and all global rules match) then the record is accessible

->This means the first group rule restricts access, but any further group rule expands it, while global rules can only ever restrict access (or have no effect).

For Eg:-

here is rule for only seeing employee records of logged in user(for employees group only).

        <record model="ir.rule" id="employee_view_rule_employee">
            <field name="name">Employee view rule</field>
            <field name="model_id" ref="hr.model_hr_employee"/>
            <field name="groups" eval="[(4, ref('base.group_user'))]" />
            <field name="domain_force">[('user_id', '=', user.id)]</field>
        </record> 

For object of salary record you have to create similar rules like you want.

Hope this helps......