Employee Hub permissions and roles
Updated
by
Leigh Hutchens
This document is a quick-start guide to understanding how roles and permissions are handled in Quinyx WFM and the Employee Hub.
Employee Hub toggleable features
In Quinyx, every user is required to have a Staff Category, which assigns them basic system permissions. In the Employee Hub module the Staff Category can control access to modules (e.g. Stories, Forms). The Staff Category is also the role label associated with each user for distribution purposes (i.e. if you want to distribute a resource you can choose to distribute to a particular Staff Category).
If additional access is needed, a user can also be assigned one or more Manager Roles, configured under Role Management. The permissions within roles allow control over the creation and sending of resources, access to reports, and widget management.
The list of Employee Hub modules that can be toggled follows:
- Events.
- Forms.
- Reports.
- Stories.
- Widgets.
How permissions work in WFM
Quinyx WFM currently has a dual permission system. Each user can either be a member of a staff category, in which case they’ll only be assigned the special system role Employee or a Manager. Users will be assigned one or more roles, configured under Role management, in addition to the staff category one.
Each employee in the system must have a single Staff Category assigned. Each staff category has its own permissions, which can be configured under Mobile and staff portal permissions. These permissions are the only ones a staff member can have and are superseded by the manager if an employee has both.
Roles
Manager user: When we use the term manager, we refer to users responsible for administering the platform and distributing content to those below them in the organization hierarchy.
Employee user: When we use the term Employee, we refer to users who receive content distributed by Manager users and do not create or distribute content themselves.
Role permissions
This set of permissions enables or disables EH functionality in both the web application and the mobile application for Manager users. Role permissions are relevant only to Manager users and are not applied to employees.
General rules
Given a user can be granted a combination of Role AND Staff Category permissions, there are some general rules to be aware of regarding how these permissions interact:
- Quinyx will always query both Role AND Staff Category permissions to inform the rights a user has in the system.
- Conflicting permissions will always bias towards the positive. For example, if a user has ‘Stories’ enabled in Staff Category permissions but disabled in Role permissions, Stories will be enabled for the user.
- Role levels e.g. Level 1 vs Level 2 have no impact on FLP permissions - this is relevant only for Quinyx WFM customers. For example, if a user has ‘Stories’ Role permission disabled for a Level 1 role but enabled for a Level 2 role, Stories will be enabled for the user.
Staff categories
Given an Employee will not be granted role permissions, this additional set of permissions governs the visibility of features in both the web application and the mobile application for Employees. Staff Categories also govern which EH side menu options are visible to a user (both Manager and Employee) in the mobile application. As a result, Manager users may also need to be granted some Staff Category permissions, e.g. in order to grant a Manager user visibility of the ‘Stories’ side menu option in the mobile application.
Difference between role and staff category permissions
There are some permissions that staff categories cannot grant. The permissions in question include:
- Widget management.
- Create and/or distribute content.
- Reporting.
- Comment moderation.
Master Role Permissions
There are two master Role permissions which grant Manager users the following:
- Employee Hub (called task management in role permissions today)
OFF - disables Employee Hub for a user |  |
READ - turns Employee Hub ON for a user |  |
WRITE - turns Employee Hub ON and enables a user to CREATE resources |  |
If a user has WRITE permissions for task management, they can create tasks and stories. However, to distribute these, the distribution permission must also be set to WRITE.
When WRITE permissions are granted for distribution, it applies to any enabled module, such as Events, Forms, or Stories. For example, a user with WRITE permissions for both distribution and Stories can create and distribute stories.
To create and distribute forms, a user requires WRITE permissions for task management and distribution, as well as READ permissions for Forms.
- Distribution - controls whether a user can DISTRIBUTE resources.
OFF - disables distribution of resources for a user | |
WRITE - enables a user to DISTRIBUTE resources | |
If set to WRITE, this permission will be applied to any module enabled e.g. Tasks, Forms, Stories. For example, if a user is granted WRITE Distribution and Tasks Role permissions, they will be able to distribute Tasks.
Module Role Permissions
There are four additional Role permissions that grant Manager users the ability to VIEW the following modules:
- Stories.
- Forms.
- Events.
- Reports.
Used in isolation, these Role permissions offer users view-only access to each module. In other words, a user would need to be granted master permissions to create or distribute. For example, permission must be given to both the Employee Hub and Stories to enable users to create Stories.
Permissions configuration
The following are the recommended permissions settings for Managers vs Employees for each module e.g. Events, Tasks, Forms etc.
Events
Manager:
Level of Access | Role permission | Staff Category permission | ||
Off | Events (view) | | Events (view) | |
View only | Events (view) | | Events (view) | |
Employee Hub (enables FLP) | | Employee Hub (enables FLP) | | |
Create and distribute | Events (view) | | Events (view) | |
Distribution (distribute) | | |||
Employee Hub (create and enable FLP) | | Employee Hub (enables FLP) | |
Please note - ‘Events’ must be set to ‘read’ in Staff Category AND/OR Role permissions - only one is required, both also fine.
Employee:
Level of Access | Role permission | Staff Category permission | ||
Off | Events (view) | | Events (view) | |
View only | N/A | N/A | Events (view) | |
N/A | N/A | Employee Hub (enables FLP) | |
Please note - for Employee users, ‘Events’ Staff Category is only permission required to make Events visible.
Tasks
Manager
Level of Access | Role | Staff Category | ||
Off | Not possible | - | Not possible | - |
View only NB - user also able to complete a task and forward | Employee Hub (enables FLP) | | Employee Hub (enables FLP) | |
Create only | Employee Hub (create and enables FLP) | | Employee Hub (enables FLP) | |
Distribution of task (distribute) | | |||
Create and distribute | Employee Hub (create and enables FLP) | | Employee Hub (enables FLP) | |
Distribution (distribute) | |
Employee
Level of Access | Role | Staff Category | ||
Off | Not possible | - | Not possible | - |
View only NB - user also able to complete a task and forward | Employee Hub (enables FLP) | | Employee Hub (enables FLP) | |
Stories
Manager
Level of Access | Role | Staff Category | ||
Off | Stories (view) | | Stories (view) | |
View only | Stories (view) | | Stories (view) | |
Employee Hub (enables FLP) | | Employee Hub (enables FLP) | | |
Create | Stories (view) | | Stories (view) | |
Employee Hub (create and enables FLP) | | Employee Hub (enables FLP) | | |
Create and distribute | Stories (view) | | Stories (view) | |
Employee Hub (create and enable FLP) | | Employee Hub (enables FLP) | | |
Distribution (distribute) | |
Please note - stories must be set to ‘read’ in Staff Category AND/OR Role permissions - only one is required, both also fine.
Employee
Level of Access | Role | Staff Category | ||
Off | Stories (view) | | Stories (view) | |
View only | N/A | N/A | Stories (view) | |
N/A | N/A | Employee Hub (enables FLP) | |
Please note - for Employee users, ‘Stories’ Staff Category is only permission required to make Stories visible.
Forms
Manager
Level of Access | Role | Staff Category | ||
Off | Forms (view) | | Forms (view) | |
View only NB - user also able to complete a form | Forms (view) | | Forms (view) | |
Employee Hub (enables FLP) | | Employee Hub (enables FLP) | | |
Create and distribute | Forms (view) | | Forms (view) | |
Employee Hub (create and enables FLP) | | Employee Hub (enables FLP) | | |
Distribution (distribute) | |
Please note - forms must be set to ‘read’ in Staff Category AND/OR Role permissions - only one is required, both also fine.
Employee
Level of Access | Role | Staff Category | ||
Off | Forms (view) | | Forms (view) | |
View only NB - user also able to complete a form | N/A | N/A | Forms (view) | |
N/A | N/A | Employee Hub (enables FLP) | |
Please note - for Employee users, ‘Forms’ Staff Category is only permission required to make Forms visible.
Reports
Manager
Level of Access | Role | Staff Category | ||
Off | Reports (view) | | N/A | N/A |
On | Reports (view) | | N/A | N/A |
Employee Hub (enables FLP) | | N/A | N/A |
