What Roles should you create?
Some common roles that you may want to create are:
- Hiring Manager
- Department Cooridinator
- HR Specialist
- Accounting Team
- IT Specialist
You can grant each of these roles access to only the employee information they will need. You can specify within each role whether a user should see information for all employees or only employee for a specific department or location.
Before you create your first role:
- We recommend you change your Admin and Employee custom field permissions to be identical. You can do this by going to Settings > Permissions > Admin, and then making the No Access, View, and View & Edit permissions identical to an employee.
- Once these are identical, you can assign any user with a Custom Role Admin permissions so that they can access Admin features like reporting, without worrying that you are increasing their read or write permissions on custom fields.
- How can I give a user access to only some custom fields but not all?
- You'll want to create a Custom Role for that user, where you can specify which fields they should be able to see and for which employees. You can learn more here.
- Built in Roles are Employee, Admin and Super Admin. A full detail of what each role's permissions are can be found here.
- Custom Roles are roles that you can create to control which users can see sensitive information on employee profiles.
- Custom Roles will control access to Custom Fields, and will not control access to Features.
- Built in Roles will control access to Features. Features are things like Reporting, Onboarding, or the Settings of the account.
- Go to the Task View of an employee's profile and you will see their permissions listed, including what group of employee's they have their custom role for.
- Super Admins can add other Super Admins and Admins, and can create Custom Roles. They can also delete employee profiles. A full list of differences can be found here.
- Making your Employee and Admin custom field permissions identical means that the only difference between the roles is that an Admin can access Admin level features, like reporting, All Tasks, etc, where an Employee cannot. Both the Admin and Employee will have the same access to sensitve employee info. This will allow you to make someone an Admin, without granting them permission to see sensitive employee info like Date of Birth, SSN, Emergency Contact, etc.
- For example if you have an IT Manager that needs to see a handful of custom fields like 'software needs', 'computer serial number', etc, and you want them to be able to run reports, you would create a custom roles called IT Manager, and give them access to those custom fields, and then you would also add the person as an Admin, so they could access reporting. However, if your Admin role is set to have higher viewing permissions on custom fields, then he will inherit the higher permissions and will be able to see sensitive information for all employees. By making the Admin role the same as the Employee role, you are ensuring that the IT Manager will have access to Admin features, like reporting, but will still have a limited view on an employee's profile.
- Create a Custom Role called Manager, and specify which fields you think your Managers should have access to.
- Then add each manager of your org as a user for that role. As you add managers specify what department that user will have the custom role for. (ex: when you add your manager of the design team, assign them the role only for design)
- You can then assign them the Built-in Role of Admin, so they can run reports and monitor onboarding. However, they will be able to view all employees' going through onboarding. They just won't be able to view the custom fields for people that are not in their department.
- If the field cannot be viewed by All Employees it will live in Private Information
- If the field can be viewed by All Employees it will live in the Additional Information box