Including/Excluding model attributes based on user permissions

I can’t find anything in the spec that says either of those is not allowed. If you take the latter route, remember that a future version of the spec may define an include parameter as well. It also may be more difficult to get client-side libraries to conform with your extra requirements. I would personally go with the first option. If employees are not supposed to see certain fields, then their client shouldn’t be expecting them anyway.

Since your permissions are very granular, a possible implementation is to loop through all of the resources and remove attributes that the client shouldn’t see, right before the document is serialized. I find that easier than figuring out which attributes to include when they are being read.
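One way to implement the strip-before-serialize approach described above, as an added example that is not part of the original answer; it assumes a JSON:API-shaped document and a permission map from resource type to readable attribute names (both constructed here):

```python
import json

def filter_document(doc, allowed):
    """Return a copy of `doc` with attributes the caller may not read removed.
    `allowed` maps resource type -> set of readable attribute names (assumed
    permission model). A type missing from `allowed` yields no attributes,
    so the filter fails closed. Handles single-resource and collection
    responses and the `included` array of compound documents."""
    def scrub(resource):
        readable = allowed.get(resource.get("type"), set())
        attrs = resource.get("attributes", {})
        out = dict(resource)  # shallow copy; input document is left untouched
        out["attributes"] = {k: v for k, v in attrs.items() if k in readable}
        return out

    out = dict(doc)
    data = doc.get("data")
    if isinstance(data, list):
        out["data"] = [scrub(r) for r in data]
    elif isinstance(data, dict):
        out["data"] = scrub(data)
    if isinstance(doc.get("included"), list):
        out["included"] = [scrub(r) for r in doc["included"]]
    return out

# Constructed sample response: employee records carrying a salary field
# that ordinary employees must not see but HR may.
SAMPLE = {
    "data": [
        {"type": "employees", "id": "1",
         "attributes": {"name": "Ada", "email": "ada@example.com", "salary": 120000},
         "relationships": {"manager": {"data": {"type": "employees", "id": "2"}}}},
    ],
    "included": [
        {"type": "employees", "id": "2",
         "attributes": {"name": "Bob", "email": "bob@example.com", "salary": 150000}},
    ],
}

# Constructed permission sets for two roles.
EMPLOYEE_VIEW = {"employees": {"name", "email"}}
HR_VIEW = {"employees": {"name", "email", "salary"}}

def serialize_for(doc, allowed):
    """Filter, then serialize: the filter runs right before json.dumps."""
    return json.dumps(filter_document(doc, allowed), sort_keys=True)

if __name__ == "__main__":
    print(serialize_for(SAMPLE, EMPLOYEE_VIEW))
```

Because the filter also walks `included`, a related resource pulled in through a relationship cannot leak a field that the primary data hides.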