Custom Permission

Modified on Wed, 4 Jun at 9:48 AM

How to extend and customize standard permissions


Custom permissions are user-defined access rights that let you limit or extend standard permissions to suit specific use cases and requirements. They provide a more tailored and flexible approach to access control than the standard permissions offer.

 

With Custom Permissions, we define who should have tailored access to people data and certain features for a set target group of employees, while standard permissions apply for employees outside the target group.


What can be customized

Access to features and people data is set by the Standard Permission level. You can then decide whether you want to add or remove read and/or write access to the following:

  • People Data access in employee profiles

    • Work (each data field within the section)

    • Personal (each data field within the section)

    • Employment (whole section)

    • Compensation (whole section)

    • Notes (whole section)

    • Children (whole section)

  • Feature Access

    • Onboarding

    • Offboarding

    • Reports

    • Payroll reports

For other features, access can be managed via the feature settings directly, rather than via the custom permission settings.

In 'Settings --> Permissions' you will see the 4 permission descriptions. For easier understanding, we adjust the terminology slightly as follows:

  • Owner = Role that allows the user to see & do everything

  • Admin = Role that allows the user to do the most, with a few limitations in terms of feature and people data access

  • Colleagues = Role that has Member at its core, with limited access to features and people data in the organization

    • Below we will continue to refer to Members as Employee

    • We will instead use the term 'colleague' when talking about what an employee can see for fellow employees

  • Manager = Role that has Member (Employee) at its core but has extended permission for subordinates (direct reports)




1. Use Case: Regional HR Manager

HRBPs are supposed to be able to oversee the people function for the whole organization, with full access to people data for one region and limited access to another region. In our example, we want HRBPs to have no access to compensation and payroll for an office they are not responsible for (office-based).


  

What needs to be set up:

  • Anna:

    • As VP People, she has the Standard Owner permission, which gives her full access to all people data, incl. compensation, in the whole organization

  • Lina:

    • Custom Admin permission gives her full access to compensation for employees at the Sweden and Norway office 

      • She can access profiles of employees in Holland as per the Standard permission, meaning without access to compensation

  • Erik:

    • Custom Admin permission gives him full access to compensation for employees at the Holland office

      • He can access profiles of employees in Holland as per the Standard permission, meaning without access to compensation


 Guide to how to set up a Regional HR Manager

You need to create 2 custom permissions:

Lina & Erik both have the Standard Permission of an Admin, which you now want to customize by giving more access for a chosen target group, in this case per office/region.


Step 1: Create Custom Permission by clicking "New custom role" (we now define the target group they should not have full access to)

Step 3: Choose Admin as type of role

Step 4: Give the role a name and description that makes it easy for you to identify.



Step 5: Choose Erik as selected user for the custom permission

Step 6: Choose the scope that the extended access should apply to



Step 7: Click "Next" and now decide what Erik should be able to see & do for employees within the scope of Holland

  • Enable toggle for Compensation

  • If you want, you can also enable e.g. Reports so that he can pull information for the target group of the Holland office




"Save": You have now set up the rule that extends Erik's permission to handle employees in Holland.


Now you do the same for Lina, by replacing the target office.
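
The rule behind this use case, standard permission everywhere and custom toggles only inside the chosen scope, can be checked with a small model. This is an added illustration, not the product's own code; the Admin baseline of profile access only and all function and field names are assumptions taken from the example above.

```python
from dataclasses import dataclass

# Modelled standard baselines (assumption): Owner sees everything,
# Admin sees profiles without Compensation, as the use case states.
STANDARD = {
    "Owner": {"Profile", "Compensation", "Reports", "Payroll reports"},
    "Admin": {"Profile"},
}

@dataclass(frozen=True)
class CustomPermission:
    user: str
    scope_offices: frozenset          # target group, here chosen by office
    enable: frozenset = frozenset()   # toggles switched on inside the scope
    disable: frozenset = frozenset()  # toggles switched off inside the scope

def effective_access(user, standard_role, target_office, custom_permissions):
    """Start from the standard role; apply custom toggles only inside the scope."""
    access = set(STANDARD[standard_role])
    for cp in custom_permissions:
        if cp.user == user and target_office in cp.scope_offices:
            access |= cp.enable
            access -= cp.disable
    return access

def compensation_matrix(users, offices, custom_permissions):
    """Audit view: the offices for which each user can see Compensation."""
    return {
        name: sorted(
            office for office in offices
            if "Compensation" in effective_access(name, role, office, custom_permissions)
        )
        for name, role in users.items()
    }

# Constructed sample data mirroring the setup above.
USERS = {"Anna": "Owner", "Lina": "Admin", "Erik": "Admin"}
OFFICES = ["Holland", "Norway", "Sweden"]
CUSTOM = [
    CustomPermission("Lina", frozenset({"Sweden", "Norway"}),
                     enable=frozenset({"Compensation"})),
    CustomPermission("Erik", frozenset({"Holland"}),
                     enable=frozenset({"Compensation", "Reports"})),
]

if __name__ == "__main__":
    for name, offices in compensation_matrix(USERS, OFFICES, CUSTOM).items():
        print(f"{name}: compensation visible for {offices}")
```

Reviewing such a matrix after saving each custom role confirms that compensation access matches the intended region and nothing more.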

 

2. Use Case: Allow manager on- and offboarding

By default, the Head of Sales has access to detailed information about direct reports but only restricted member access to people data for any other colleagues in the organization.

 


The manager permission needs to be customized by giving access to the onboarding and offboarding feature so that the Head of Sales can initiate those processes for team members.


Guide to how to set up Custom Member

As per Standard permission, the Head of Sales (Erik) is manager of 2 departments (having extended permission to profile information for those employees) and has a member role at core for any other colleagues. The goal now is not to change permission in terms of profile access but to add the possibility for him to perform on- and offboarding for colleagues in the 2 departments. Think of it as setting up what you want to ADD: what data one SHOULD have access to on top of the standard permission.


Step 1: Create Custom Permission by clicking "New custom role"

Step 2: Choose Admin as type of role

Step 3: Give the role a name and description that makes it easy for you to identify.


Step 4: Select Erik as the user who should have this custom permission

Step 5: Choose the 2 departments that this custom permission should apply to

Step 6: Click "Next" and now decide what Erik should be able to do:

  • Enable toggle for Onboarding & Offboarding

  • Note: In addition, in the section "Access to Profile fields", you could also make other adjustments to profile access for the scope of Account Executives and Business Developers.

"Save": You have now set up the rule that extends Erik's permission to handle onboarding and offboarding. For any employees outside the scope, the standard permission applies.


 

3. Use Case: Payroll Manager

The Payroll Manager has no direct reports and therefore no Manager permission, but has a functional responsibility to see employees' salaries in order to run payroll reports.

 

The Standard permission is Member, meaning that the Payroll Manager can only access very limited information about employees. While the idea is to protect personal and work-related information about employees that the Payroll Manager does not need to access in order to perform their tasks, we need to extend permission to access necessary information such as employment and compensation.


Guide to how to set up Payroll Manager

As per Standard permission, the Payroll Manager has a member permission at core with very limited access to features and profiles. The goal now is to increase their profile access and functionality so that they can perform payroll actions.

Step 1: Create Custom Permission by clicking "New custom role"

Step 2: Choose Member as type of role

Step 3: Give the role a name and description that makes it easy for you to identify.

Step 4: Select the Payroll Manager as the user who should have this custom permission

Step 5: Choose the whole company as the scope for this custom permission to apply to

Step 6: Click "Next" and now decide what Erik should be able to do:

  • Disable Onboarding & Offboarding as well as Reports

  • Enable: Payroll Reports

  • Choose in the profile access which fields should be accessible (view and/or read), such as Employment and Compensation


"Save": You have now set up the rule that extends Line's permission to handle payroll with access to the necessary data fields. However, the information shared on colleagues' profiles is limited: it reveals only the relevant information and still protects the information that Line doesn't need in order to perform her duties. Hence, outside the scope of the custom role, the standard permission applies.
