This is where you can:
- add/edit/delete roles
- define permissions on feature groups for each role
- change level on roles
- add/delete levels
When you click on role management, you will see six default roles (click here to see a list of the default roles). Those are predefined roles with predefined permissions. You can rename, edit, or delete them (except for the employee role). They can also be copied and used as a template for a new role.
Each of the default roles is placed on a “Level”. Levels are a new concept used to define what roles should or should not have access to sensitive information. The default rule for levels is that managers with the same role will not see data for colleagues who are on the same level or a level above but they will see data for colleagues on a level below.
For now, the rule for levels is only applicable on three feature groups (click here to read more about the existing feature groups):
- Salary (not applicable on cost variables)
- Scheduling (for scheduling the rule is that you will see data for the same level and below)
Example: Managers with a role on level 3 will be able to see salary details and people details on employees with roles on levels below (4, 5, 6). They will not see salary and people details for employees with roles on the same level or above (3, 2, 1).
It is possible to add more levels than the default ones. Just click “Add level”, give the level a name, and then move it up or down by using the buttons “Move level up” or “Move level down”. By doing this, you can, for example, have two roles for Local Managers but on different levels. The one higher up in the hierarchy will be able to see salary and people details for the one below and vice versa.
You can edit the existing permissions of the predefined roles or set permissions on roles you create.
To edit a role - click on Edit role.
To add a new role - click on Add role.
- If you click on add new role, a popup will appear where you give your new role a name and select what template to copy from.
- Then, a panel will open on the right-hand side.
- This is where you set the permissions for each feature group:
First headline is Permissions.
For each feature group (you can read more about feature groups here), you can select one of three different permissions:
- No permission - the role will not see any data within that feature group.
- View permission - the role will be able to view but not edit data within that feature group.
- Write permission - the role will be able to view and edit data within that feature group.
When you have defined permissions for each feature group, click Save and you new role is ready to be used.