Restrict an employee to viewing only the data of employees who work under him

I set an employee create permission user to 0 so that he can view the records of employees who report to him. His role is just leave approver and employee, but he can see every employee's data. How do I correct this?

Create user permission should have been 1.