Getting Started with Access Control

Create and manage custom access levels groups for different users.

1. Click on the Access Control button on the top-right of your home screen.

   

2. You'll see a list of users on the left, along with three key options at the top right:

   Create Access Group, Manage Access Groups and Export Access Logs

   

1. Click on Create Access Group button on the top right of your screen.

   

2. Name your new access group.

   

3. Define access fields.

   This step allows admins to define exactly what each group can view, edit, or hide, ensuring precise data access for every role.

   

   You can define access across the following categories:

   • Basic Profile: Standard details like name, department, and email.

   • Compensation: Sensitive financial data such as salary.

   • Custom Fields: Any organization-specific fields added to the system.

   • Sensitive Data: Critical data fields that may require restricted access.

4. Set access levels.

   
   For each category, admins can set specific access levels for different data fields:
   
   • View: Users can see the field but cannot make changes.
   • Edit: Users can view and modify the field.
   • Hidden: Users will not have access to the field at all.
     These settings can also be applied across all fields within a category by selecting the Apply to all fields option.

5. Click Save to finalize the access group.

   

   Your newly created group will now appear under Manage Access Groups, where you can edit it anytime.

Inviting Users and Defining Scope

Invite Users

1. Click on the Invite User button.

   

2. Enter the email address of the person you want to invite.

   

3. Choose the appropriate access group for the user. 

   

Define Scope

Scopes determine who the assigned access permissions will apply to within the organization. While access groups define what data users can view or edit, scopes control whose data they can access.

Even within the same group, users can have different data visibility. A Product Manager and a Marketing Manager may have the same permissions but only access their respective teams' data.

• Grant access to a specific manager’s team (e.g., Fred’s team), meaning the user can only view or edit fields related to that manager's direct reports.
• Apply access permissions to specific departments or selected employees within the organization.

1. After selecting an access group, click on Select Scope.

   

2. Grant access to a specific manager’s team (e.g.,Robyn's team), meaning the user can only view or edit fields related to that manager's direct reports

   

3. Apply access permissions to specific departments or selected employees within the organization.

   

4. Click Apply to finalize and send the invite. The invited user will receive an email with login details and will only have access to the designated data within their assigned scope.

   

Updating User Access and Scope

If access requirements change, you can easily update user permissions:

1. Search for the user in the Access Control panel.

   

2. Click on Update Scope to add or remove departments or teams and modify their scope.

   

3. Apply the changes to reflect the updated access permissions.

   

Deleting Scopes

To delete a user’s access scope, you can click on the Delete button next to their scope and reset their access as needed. This allows you to create new scopes or adjust existing ones for individual users as organizational needs change.

Exporting Access Logs

Click on the "Export Access Logs" button to download a .csv file containing detailed records of each user's access group, details of their scope and their allowed permissions for security monitoring, ensuring that you have a complete record of system access at any given time.