How to set user roles and customize permissions?

This document explains how to set user roles and customize permissions based on those user roles. Please note that ome permissions can only be customized in the backend.

User permissions control how users access  HR Cloud application, and what can they view, edit or create through the application.

One of the important features of this application is that it allows customization of not only form-level permissions but also field-level permissions to be associated with different users. This implies that every user will have different permissions on CRUD (Create, Read, Update and Delete) operations regarding data in the system based on their roles and responsibilities.

This makes the system more flexible and secure.

There are eight different types of roles that you can assign to users. Each of these user roles is associated with a different set of default permissions for users. 

  • Refer to this article to learn about the various types of user roles and their default permissions. Users can be associated with only one user role.
  • An HR admin can change the user’s role at any point in time.

Set user role

By default, whenever a new user is created in the system, the user role assigned is Employee or Manager. ( user becomes a Manager automatically if he has direct reports in the system and that is the only way how Manager security role gets assigned.)
However, HR Admin can modify an employee's role and permissions at any time using the following steps:

  • Go to People and search for the employee for whom the role is to be set.
  • Click the employee's name to open his profile and go to the Account tab.
2020-02-03_2028-11
  • Click on the ‘Change Security’ link at the bottom in the Security section and select the new user role to be assigned and permissions to be given. Click ‘Save’.

Customize Permissions

When choosing a user role for the new user, Permissions can be edited to allow access to all or some parts of the system.  

By default, all parts of the system are included but Admin can make additional adjustments by unclicking the toggle "Automatically include current and new locations/departments/divisions) and then the option to Edit becomes available.

Under Edit, you get a full list of all active parts of the system and then one by one, Admin chooses to which parts he wants to give access to this specific user.

Access and permissions can also be set through the settings, there is a section called "Access & Permissions". There you can configure which actions a specific user role can perform in the system. You can also change/set user roles there by clicking a pencil (edit) button under the actions tab next to each employee.

Field/form permissions

Additionally, customization of specific user roles' access is set up in the backend.

Since Admins can not access the back end, this has to be done by the Account Manager or support team.

Permissions are set up in a way that you can allow user roles to Read ( only see), Create ( add new data) or Update ( edit existing data) to any field or form in the system.

Additional adjustment is for whom they can do this - for themselves (User Records scope), for their direct reports ( Direct Reports scope), or for all users they have access to ( based on the front end permission customizations)

 

IMPORTANT NOTES/SUMMARY:

  1. Each user can have only one security role at the moment. 
  2. Admin needs to assign a specific security role to the user. 
    An employee security role is given automatically unless that user has direct reports in the system.
    A manager security role can not be assigned but is automatically given as soon as that user gets at least one direct report in the system.
  3. Employees can see only themselves and that can not be changed.
  4. Managers can see themselves and everyone below them on the hierarchy and that can not be changed.
  5. Names of security roles can not be changed nor can we add more security roles.
  6. In the front end, Admin can adjust Access and Permission for a specific security role through the system in terms of what can everybody with that user role see and do in the apps included.
  7. In the front end, Admin can adjust access to specific locations, departments, and divisions for an individual. - this means that all front-end and back-end setup for this security role will be applied to this individual but he is additionally limited to doing what he is allowed to only if it refers to other users who meet the adjusted criteria.
  8. In the back end, AM adjusts permissions for a specific security role which means that every user who has that security role will be able to see, create or update a specific form or a field on an employee's profile he has access to based on permission setup from the item 7.
  9. Setup of all permissions can be changed at any given moment and the change is applied immediately.