Hi Thirumala
When you say discuss with the users do you mean the Process Owner/Functional people who implemented HCM OR actual end users?
If you give an end user a choice they'll ask for everything.
Security enables business process. If access is to be granted, roles should be designed based on what you are implemented.
Your question is very vague and seems like you don't know the system well enough to determinate requirements. Although you mention modules that's a lot of transactions but your missing key information like is there ESS/MSS in scope, is access via SAPGUI, NWBC or Portal. A lot of employee level access is not transactions - webdynpro and forms.
Are you the security builder here or the functional person?
Regards
Colleen