Handling private candidate information is always a tricky proposition -- you need to ensure your users have all the information they need to make an informed decision without over-sharing, which can be a tough line to walk, and until now the permission that allowed access to this sensitive information was a little broad.
Previously, a Job Admin with the permission: Can see private notes, salary info, manage offers, and approve jobs/offers could access this private data across every job they were assigned, which isn't always the way your recruiting process works best. Maybe a recruiter is involved with salary negotiations for one job, but you wouldn't want them to see this information for a candidate on their own level or higher. Luckily, you can now tailor which jobs a Job Admin has private access to using some new permissions!
When adjusting a user's settings on the Configure > Users page, you'll now see that the Job Admin permission has been split into two levels -- Job Admin: Standard and Job Admin: Private. These will allow you to determine which level of access a user has on each role. In this case, the user will have access to the Private tab for the Marketing Assistant job, but not the VP of Marketing job.
Below that, you'll see another option that will determine what permission level a Job Admin should have when creating a new job. A user's permissions can always be adjusted later, but it will allow you to set a baseline for each of your users.
You can also add users to both permission types on the Job Setup > Hiring Team page for each job.
If you want to quickly audit which users have this private access, you can click the Export to Excel button on the top-right of the Configure > Users page, which will give you a spreadsheet that outlines details about your various users and their permission levels. On the right side, a column called Jobs with Private Data Access will list each position where a user is a Job Admin: Private.
A side effect of this change is that a Job Admin will only be able to move a candidate to another job where they have permissions that are the same level or lower, but not higher. Let's take the user above. She can see private data on the Marketing Assistant job, but not on VP of Marketing.
- Moving or adding a candidate from Marketing Assistant > VP of Marketing is allowed, since Allie is moving a candidate from a job where she has higher permissions to one where she has lower permissions.
- Moving or adding a candidate from VP of Marketing > Marketing Assistant is not allowed, since this would allow her to upgrade her permissions past where they have been set and see the candidate's private data.
Users with the Job Admin: Private permission can view private files, private notes, and offer details for any candidates on their jobs. They can also generate offers and request approval, while a Job Admin: Standard can't do any of the above. If we allowed a Job Admin: Standard to move a candidate to a job where they are a Job Admin: Private, they would instantly see all of that information on the moved profile.
Regardless of whether the intent is malicious or accidental, allowing this action could show an employee that a new hire in their role is making more money than they do themselves or that they are at the bottom end of the salary band for the job. They could find out sensitive details about a new hire's health or family situation that were meant to be kept between the Hiring Team and the candidate, or even read a negative comment that an interviewer mentioned on their scorecard. Because these incidents represent some of the worst-case scenarios for your users and Hiring Team, the restriction between moving candidates was a necessary addition.
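The move restriction described above amounts to comparing the mover's level on the source and destination jobs. The sketch below is an added example, not Greenhouse's code: the function names, field keys and sample data are assumptions constructed for illustration, and it shows both the check and which fields would be exposed if the check were missing.

```python
from enum import IntEnum


class Level(IntEnum):
    """Per-job Job Admin levels named on the page, ordered by access."""
    STANDARD = 1
    PRIVATE = 2


# Data the page says only a Job Admin: Private can view (key names are hypothetical).
PRIVATE_FIELDS = {"private_files", "private_notes", "offer_details"}

# Constructed sample data matching the page's scenario.
ALLIE = {"Marketing Assistant": Level.PRIVATE, "VP of Marketing": Level.STANDARD}
PROFILE = {"name": "...", "resume": "...", "private_notes": "...", "offer_details": "..."}


def can_move(assignments, src_job, dst_job):
    """Allow a move only to a job where the user's level is the same or lower."""
    src, dst = assignments.get(src_job), assignments.get(dst_job)
    if src is None or dst is None:
        return False  # assumption: not a Job Admin on one of the jobs, so deny
    return dst <= src


def visible_fields(assignments, job, profile):
    """Names of the profile fields this user can see on the given job."""
    fields = set(profile)
    return fields if assignments.get(job) == Level.PRIVATE else fields - PRIVATE_FIELDS


def exposed_without_check(assignments, src_job, dst_job, profile):
    """Fields that would become newly visible if the move were not checked."""
    return (visible_fields(assignments, dst_job, profile)
            - visible_fields(assignments, src_job, profile))


def move_candidate(assignments, candidate, dst_job):
    """Return the candidate on the new job, or refuse if access would increase."""
    if not can_move(assignments, candidate["job"], dst_job):
        raise PermissionError(f"move to {dst_job!r} would raise the mover's access")
    return {**candidate, "job": dst_job}


if __name__ == "__main__":
    up = ("VP of Marketing", "Marketing Assistant")
    print(can_move(ALLIE, *reversed(up)), can_move(ALLIE, *up))
    print(sorted(exposed_without_check(ALLIE, *up, PROFILE)))
```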