Learn how you can create and manage custom access levels groups for different users.
Access Control allows admins to set and manage permissions using access groups. Create and manage role-based templates to define data visibility and editing rights for multiple users at once, ensuring secure and efficient data management.
Confidentiality
You can create strict role-based access controls to make sure each member of your team only sees data that they are supposed to see.
Navigating to Access Control
-
Click on the Access Control button on the top-right of your home screen.
-
You'll see a list of users on the left, along with two key options at the top right:
Create Access Group and Manage Access Groups.
Creating an Access Group
Access Groups allow you to apply consistent access permissions to multiple users.
-
Click on Create Access Group button on the top right of your screen.
-
Name your new access group.
-
Define access fields.
This step allows admins to control what data users within this group can view, edit, or keep hidden.
You can define access across the following categories:
-
Basic Profile: Standard details like name, department, and email.
-
Compensation: Sensitive financial data such as salary.
-
Custom Fields: Any organization-specific fields added to the system.
-
Sensitive Data: Critical data fields that may require restricted access.
-
-
Set access levels.
For each category, admins can set specific access levels for different data fields:
-
View: Users can see the field but cannot make changes.
-
Edit: Users can view and modify the field.
-
Hidden: Users will not have access to the field at all.
These settings can also be applied across all fields within a category by selecting the Apply to all fields option.
-
-
Click Save to finalize the access group.
Your newly created group will now appear under Manage Access Groups, where you can edit it anytime.
Inviting Users and Defining Scope
Invite Users
-
Click on the Invite User button.
-
Enter the email address of the person you want to invite.
-
Choose the appropriate access group for the user.
Define Scope
Scopes determine who the assigned access permissions will apply to within the organization. While access groups define what data users can view or edit, scopes control whose data they can access.
For example, after assigning permissions to an HRBP group, you may want to limit access to only specific teams or departments.
- Grant access to a specific manager’s team (e.g., Fred’s team), meaning the user can only view or edit fields related to that manager's direct reports.
- Apply access permissions to specific departments or selected employees within the organization.
-
After selecting an access group, click on Select Scope.
-
Grant access to a specific manager’s team (e.g.,Robyn's team), meaning the user can only view or edit fields related to that manager's direct reports.
-
Apply access permissions to specific departments or selected employees within the organization.
-
Click Apply to finalize and send the invite. The invited user will receive an email with login details and will only have access to the designated data within their assigned scope.
Updating User Access and Scope
If access requirements change, you can easily update user permissions:
- Search for the user in the Access Control panel.
-
Click on Update Scope to add or remove departments or teams and modify their scope.
-
Apply the changes to reflect the updated access permissions.
Deleting Scopes
To delete a user’s access scope, you can click on the Delete button next to their scope and reset their access as needed. This allows you to create new scopes or adjust existing ones for individual users as organizational needs change.