Role management

Updated by Daniel Sjögren

You can use role management to:

  • Add/edit/delete roles
  • Define permissions on feature groups for each role
  • Change level on roles
  • Add/delete levels

When you click on role management, you will see five default roles, but you can add your own staff categories in the system.

List of default Quinyx roles:

  • Manager: Access to the admin portal and is the highest role in Quinyx.
  • District manager: Access to the admin portal and are managers over a specific district (several units).
  • Local manager: Access to admin portal and only one unit.
  • Section manager: Access to admin portal, but limited to administrating their own section and do not have access to the whole unit.
  • Employee: Access to staff portal and can only edit their own times (if allowed) in staff portal and mobile app. 

Those are predefined roles with predefined permissions. You can rename, edit, or delete them (except for the employee role). They can also be copied and used as a template for a new role.

Only the role “Account owner/Manager” has access to the Account settings page by default. In order to access Account settings, a user must have a role added on the domain/customer level with read/write access to the account setting permission within that role.

Levels

Each of the default roles is placed on a “Level”. Levels are used to define what roles should or should not have access to sensitive information. The default rule for levels is that managers with the same role will not see data for colleagues who are on the same level or a level above, but they will see data for colleagues on a level below.

The rule for levels is only applicable on two feature groups (click here to read more about the existing feature groups):

  • Salary (not applicable on cost variables)
  • People

Example: Managers with a role on level 3 will be able to see salary details and people details on employees with roles on levels below (4, 5, 6). They will not see salary and people details for employees with roles on the same level or above (3, 2, 1).

It's possible to add more levels than the default ones. Just click Add level, give the level a name, and then move it up or down by using the buttons Move level up or Move level down. By doing this, you can, for example, have two roles for Local Managers but on different levels. The one higher up in the hierarchy will be able to see salary and people details for the one below and vice versa.

Please note that when it comes to roles hierarchy, we consider the entire customer tree

Add/edit roles

You can edit the existing permissions of the predefined roles or set permissions on roles you create.

  • To edit a role - click on Edit role.
  • To add a new role - click on Add role.
  • If you click on add new role, a popup will appear where you give your new role a name and select what template to copy from.
  • Then, a panel will open on the right-hand side.
  • This is where you set the permissions for each feature group:

The first headline is Permissions.

For each feature group (you can read more about feature groups here), you can select one of three different permissions:

  • No permission: The role will not see any data within that feature group.
  • View permission: The role will be able to view but not edit data within that feature group.
  • Write permission: The role will be able to view and edit data within that feature group.

When you have defined permissions for each feature group, click Save, and your new role is ready to be used.

Remember, the permissions you see when managing roles are dependent on other permissions (and modules).

Example:

If you set the People permission to no access, you won't see the permissions for People agreements and People details since those two are dependent on the people permission:

People permission set to no access:

People permission set to read access:

If People permission is set as No access, then People Details and Agreement permission will be hidden for that role.

If Punches permission is set as No access, then Manual Salary types permission will be hidden for that role.

If Scheduling permission is set as No access, then Absence, Lock Schedule, Punches, and Manual Salary types permissions will be hidden for that role. All other permissions are independent.
Tip! When configuring the Role for an employee, you can set the end date to be the same as the start date if you want to configure a role for a single day.

Roles overview

Shared label

You can see if an employee is shared from another unit when looking at that employee's role overview. The role that the employee has on the shared unit will be indicated with a blue label that says "shared":

Show groups with inherited roles

You can decide if you want to see inherited roles or not when looking at an employees role overview by checking the checkbox "show groups with inherited roles". The inherited groups will then be displayed and you will see a label called "inherited" next to the inherited role:

Visibility in Schedule and Base schedule

Background

Some users, such as senior managers and admins, might not necessarily need to be visible in the schedule on all the units and sections on which they have been assigned a role.

We distinguish whether a person is a "manager" (i.e. managing a unit/section) or whether a person is an "employee" (i.e. schedulable on shifts, able to punch in and out, request leave, etc.) by checking if they have the role "employee" on that unit/section.

Logic

This means:

  1. Only people with the role "employee" will be visible in the schedule view for a particular group (unit, section, etc.).  
  1. Only people with the role "employee" can be assigned on the shifts (punch, absence etc).
Note that a person will always need to have at least one role in the home unit.
If a person has both a manager and an employee role and is planned to work on shifts in the future, if the employee role is removed, the shifts cannot be edited, only deleted.
Inheritance logic

Just as a manager role, the employee role also has inheritance logic, which means that if a person has the role of employee on a unit, (s)he will also have an inherited membership on the sections below the unit and therefore be visible and scheduled on the sections. If that is not the desired behavior, the employee should instead be added to the specific sections in which he/she should be visible.

All people with manager roles in the system will also get an employee role when we release this functionality:

  1. If you don't want a person to be visible in the Schedule and Base schedule view, remove the role employee for that particular person and group under Account settings or Group settings. People with manager roles only will still be able to manage the unit/section, but they won't be able to be scheduled on that group. 
  2. When setting up a new manager and giving them a manager role, they must also have the employee role on the group in order to be scheduled. 
Visibility logic per schedule item

Shifts and tasks 

A manager with a manager role in a given group can:  

  • See people in the Schedule/Base schedule view with role employee.
  • Assign shifts/tasks to people with the role employee.

Absence requests and absences

A manager with a manager role on a section can: 

  • See absence requests and absences from employees with the role employee in that section and whose home unit is the unit of that particular section.
  • When adding an absence, the list only contains employees from the home unit with role employee in the section.

A manager with manager role on a unit can: 

  • See absence requests and absences from the home unit employees with the role employee.
  • The local manager can only add an absence for an employee with the role employee on the unit.

Punches

A manager with manager role on a unit can: 

  • See people with the role employee in the Schedule view.
  • Add/edit punches to people with role employee.
  • Attest time for people with the role employee (note that anyone with a manager role can attest another manager's punches/absences if they have write-permissions on Punches. The role levels are not considered here).

Notice of Interest

A manager with a manager role on a unit can: 

  • View Notices of Interest (NoI) from people with the role employee.

Unavailability in Schedule and Base schedule

A manager with manager role on a unit can: 

  • See unavailability for people with the role employee.

What we don’t support but plan to in the future

  • It's not possible in this release to delete a future role.
  • It's not possible in the release to add the same role as the person has already had.
In the off chance that the end date of a given employee’s Employee role is shortened to prior to any one existing schedule items (shift, task, punch, absence, absence request, etc.), the schedule item, as well as any related salary outcome, will currently remain on the same group when viewed by managers with manager roles.

People with expired roles

It's possible to assign a role to a person who has previously had a role that has expired.

When going to Account settings > Organization > Add member, you can find people with expired roles and assign them a new valid role.

For even more information, please see Roles and access rights FAQs.


How Did We Do?