This is because on settings->groups-> HR officer has a following record rule: Employee Payslip ['|', ('employee_id.user_id', '=', user.id), ('employee_id.department_id.manager_id.user_id', '=', user.id)] (this means that only employee whose payslip it is can edit or create it or the manager of the department where employee belongs to can edit it. Note: you have to define Manager of department from HR->configuration->Departments->select department->select manager) and because also Manager inherits from officer same rule restricts both user groups Manager and Officer.

If you don't want this restriction you can deactivate this record rule from Settings->Security->Record rules

For our case we are changed the security to :

<record id="hr_payroll.property_rule_manager_payslip" model="ir.rule">
    <field name="name">Employee Payslip</field>
    <field model="ir.model" name="model_id" ref="model_hr_payslip"/>
    <field name="domain_force">[(1, '=', 1)]</field>
    <field name="groups" eval="[(4,ref('base.group_hr_manager'))]"/>
</record>

I explain : If a user is a HR Manager so he can generate ans see all payslip (our vision) So create/overwrite an other rule in the securtity with this information:

• domain = [(1, '=', 1)]
• groups = RH Manager
• model = 'hr.payslip'

I see thuis more logic

Best regards