This module allows you to create ‘Access Roles’ which allow you to define a level of access to your specification. This includes other employees they can access, what information about these employees they will be able to see and/or edit. You will also be able to set what system features they have access to use, such as being able to process leavers or access the main system settings areas.
Section 1 – Navigating to the Access Roles area
1a. Go to settings
To navigate to the ‘Access Roles’ area, you must first go to the main system settings. To do this, click the ‘Settings’ icon in the left-hand menu.
1b. Access Roles
Once in the main settings, you will then see the option ‘Access Roles’ click on this to enter this module.
1c. Access Roles Main Screen
You will then be presented with this screen where you can see the list of ‘Access Roles’ currently in your system in a table. The next section is to break down how to manage these ‘Access Roles’.
2. Managing Access Roles
2a. Managing Existing Access Roles
To start managing an existing ‘Access Role’, click on the role from the table below.
2b. Access Role Details
Once you click the role you want to view and manage, you will be presented with this screen labelled ‘Details’.
In this screen you will see several key items highlighted in the image below.
Item 1 – Details tab: This is where you can select to view the ‘Details’ section of the ‘Access Role’ you are managing (this is the screen you are currently in). Here you can manage the role name and description.
Item 2 – Role name: This is where you can edit the name of this ‘Access Role’.
Item 3 – Description: This is a summary of what this access role is, who it is for and what it allows the users assigned to see and do.
Item 4 – Done: This is the button to click to save and apply the changes you have made in this screen such as the ‘Role name’ and ‘Description’.
2c. Access Role Permissions
Click on the tab labelled ‘Permissions’ on the left-hand side. The image below highlights some key items from this screen.
Item 1 – The permissions tab: Click here to navigate to this screen from the ‘Details’ area.
Item 2 – Permissions breakdown: Here you can choose which section of the permissions you are managing between.
A. Own Profile: This will define what an employee with this access role can see and do in relation to their own profile and information.
B. People: This will define what an employee with this access role can see and do in relation to other employees as well as define who the groups of people are and what variations are in this access role across all people groups.
C. Features: This will define what additional system features this access role can use. These features include items such as Employee Planners, Company Calendar, Settings.
D. Custom Actions: This will define what additional custom actions this access role can use. These include items such as Send Login Invites and Send Mobile Verification Codes.
2d. Own Profile.
When in the ‘Own profile’ section of the ‘Permissions’ area within an access role, you will be presented with the following options on the screen. Key items have been highlighted.
Item 1 – Screen name
This is the name of the area within the users own profile that you are managing the access for.
If you do not select and manage ‘Field permissions’ (Item 6) be aware that you will be granting and managing access to all of the contents in this screen/area.
Item 2 – View
This allows you to grant view only access to any of the areas listed below.
Mark this as ‘on’ against any screen name to enable view only access to it for the users own profile.
Item 3 – Update
This allows you to grant ‘Update’ access to any of the areas listed below, this will mean they can edit the existing items in this area only.
This doesn’t allow them to ‘Add/Create New’ items if this area allows such functions.
Mark this as ‘on’ against any screen name to enable ‘Update’ access to it for the users own profile.
Item 4 – Add
This allows you to grant ‘Add’ access to any of the areas listed below (If the add function exists in this area), this will mean they can add new items in this area only.
This doesn’t allow them to ‘Update’ items if this area allows such functions. If you need this person to be able to Update and Add to this area, you must enable both options.
Mark this as ‘on’ against any screen name to enable ‘Add access to it for the users own profile.
Item 5 – Delete
This allows you to grant ‘Delete’ access to any of the areas listed below (If the add function exists in this area), this will mean they can fully delete any existing items in this area only.
This doesn’t allow them to ‘Update’ or ‘Add’ items if this area allows such functions. If you need this person to be able to Update, Add and Delete items in this area, you must enable all three options.
Item 6 – Field Permissions
This allows you to manage the permissions to a specific screen down to field level.
Screens that consist of multiple data fields will allow you to define access to this role to each specific field within the screen.
Click the option labelled ‘Field permissions’ on any screen name to view and manage the access to each field within this screen.
Once clicked, you will be presented with the following screen. You can select either or both options ‘View’ and/or ‘Edit’ for each ‘Field name’ listed in this screen. (The icon to the left of the screen name identifies what type of field this is e.g. Checkbox, Date field etc.)
Once you have enabled the view and/or edit options for each field, click ‘Done’ at the bottom to return to the previous screen.
Remove field-level permissions’ to the left of ‘Done’ will bulk switch off all field level permissions to this screen instead of actioning individually.
Please note, you DO NOT need to apply field level permissions if you want this access role to have access to the entire screen. Simply use the main options, View, Update, Add and Delete. Without field level permissions applied, these always apply to the entire screen/area.
If field permissions are applied already, you will see this indicated with the green dot. If this green dot doesn’t display, there are currently no field level permissions applied for this access role.
Item 7 – Preview screen
This allows you to view the system area you are managing the access and permissions for without leaving this Access Roles settings area and therefore not losing any of the progress you have already made.
This is an easy way to see exactly what information is captured in this area while you are managing the access and permission to it.
When you click ‘Preview screen’ you will see a screen like the ones below, open up to show you what this area looks like with no records or simply no information populated (depending on if it is a ‘Form/Single record’ or a ‘Table/ Multiple record’ type screen.
Table/Multiple record preview
To view the what the screen looks like when adding a record, click the ‘+ Add record’ option in the top right, you will then see the screen presented like so.
Form/Singe record preview
2e. People
When in the ‘People’ section of the ‘Permissions’ area within an access role, you will be presented with the following options on the screen. Key items have been highlighted.
Item 1 – In the ‘People’ area, under screen name, you will first see the list of the various groups this Access Role has permissions to.
You can see in this example there are two groups, Head office and Their team. Click on the name of the group you wish to open and manage the user of this role’s permission to them.
When you click on the group name, you will see the same options appear the same as was broken down in the ‘Own profile’ section.
All the settings here apply the same as ‘Own profile’ in terms of how to manage.
Item 2 – Add another group.
This allows you to create a brand-new separate group of users to add to this access role as their own permission group where the permissions to this group can vary greatly from the other groups in this access role.
When you click ‘Add another group’ you will be presented with the following screen to first define the group name. Once you have typed the name of this group in the ‘Group name’ field, click next to proceed to the following screen where you can select who to include.
Here you can search for people to add to this group by typing in the ‘Search people’ field. You can search by various criteria including name, job role, department, location, contract type and hierarchy position.
If you select options from different categories for example, a location and several departments, the different filter typed will be combined as an add rule.
If you select options from the same category, these will be applied as an OR rule.
Example 1- Typing Head Office (location), Sales (department)
This will result in only finding people that are in the location head office AND in the Sales department.
Example 2 – Typing Head Office (location), Sales (department), Marketing (department)
This will result in finding people that are in the location head office AND in either the Sales department OR the Marketing department.
This wouldn’t include people in sales or marketing department employees in any other locations.
You also have the option to ‘Exclude people’ this way you can select a group in the ‘Search people’ option and then exclude any individuals or smaller groups from within the entire group initially selected.
This is useful in scenarios where you want to grant access to a large group such as the entire company or an entire selected location but then exclude your senior executives by name.
You can use the ‘View filtered results’ option to check the list of employees who you currently have included in the filter group, this way you can be certain this is correct before saving this group to the access role.
Once you have completed filtering the selected group of people for this specific group, click save.
Once you click save, you will see the new group with the name you labelled it as, showing in the list on the previous screen which you will be automatically taken back to.
2f. Features
When in the ‘Features’ area you will be presented with the following screen (key items labelled).
Item 1 – Users & Data
If you click on this item to expand, you will see the following.
Use the switch buttons next to each item to turn access to this feature on or off.
Add new employee – Allows them to create new employee profiles only.
View calendar – Allows them access the calendar area in the main menu.
Process leaver – Allows them to mark people as leavers (which will terminate peoples access when doing so)
View org. chart – Allows them to access the company org chart in the main menu.
Item 2 – Settings
If you click on this item to expand, you will see the following.
Use the switch buttons next to each item to turn access to this feature on or off.
Manage dropdown lists – This means that the user of this access role will be able to edit dropdown lists in areas they have access to, e.g. training – They could manage the dropdown list of training courses to edit the list items, add or delete list items.
Event manager – This means the user of this access role will be able to access and interact with the event manager settings area.
Working hours – This means the user of this access role will be able to access and interact with the working hours settings area.
Document categories - This means the user of this access role will be able to access and manage the list of document categories that applies throughout the system.
Document templates – This means the user of this access role will be able to access and manage the ‘Documents’ settings area to manage the system document templates.
Company document - This means the user of this access role will be able to access and manage the ‘Company Documents’ area, meaning they can upload and share documents and general materials to the rest of the company through this feature.
Manage company settings - This means the user of this access role will be able to access and manage the ‘General’ section within the calendar and planner settings area. This includes company defaults, leave and absence-based settings as well as system features that can be globally switched on and off.
Item 3 – Planner
Edit past events - This means the user of this access role will be able to edit events that are in the past.
Add Attendance through calendar - This means the user of this access role will be able to add new attendance events.
Edit Attendance through calendar - This means the user of this access role will be able to edit existing attendance events.
Delete past events - This means the user of this access role will be able to delete events that are in the past.
Book own sickness - This means the user of this access role will be able to book sickness in their OWN planner.
Manage individual planner settings - This means the user of this access role will be able to access and manage all the items in the planner settings area for all users they can access. This includes assigning/updating work patterns, editing entitlements and other factors relating to their individual planner.
Item 4 – Calendar
This allows you to manage the access for this access role that applies to the company calendar area, separate from individual planners.
Who can they see – Here you can select which groups they can select to view in the company calendar.
Who are they going to have access to? – This allows you to select a specific filter group of job roles, departments, locations, employment types and named individuals if the standard groups don’t capture what is needed.
Exclude people – This allows you to select specific people from the group of ‘Who are they going to have access to?’ e.g. directors and senior executives.
What can they see? – This allows you to select the specific event types that will show in the calendar when viewing these people within it.
Sickness: Display as – This allows you to decide if sickness events show as simply ‘sickness’ or shows the exact reason such as ‘flu/operation/headache’ or ‘not available’ which will show the sick event simply as ‘Not available’ for the duration it is booked in the calendar for.
2g. Custom actions
When in the custom actions area, you will be presented with the following screen.
Item 1 – Custom action name
This shows the name of the custom action you are giving access to, these can vary in each system as they are custom by nature.
Standard items to expect to see in here are; ‘Send login invite’ and ‘Send verification code’ as these are standard for rolling out the system.
Additional items here are custom therefore the information of what these do will be relayed to you when these are created and added to your system.
Item 2 – On/Off switch.
To enable this access role to use this custom action, switch to on (image below)
Click ‘Done’ in the top right to save all your changes once applied and you wish to exit.
Custom actions
These work by selecting employees from the people list and triggering the action from the banner that appears.
2h. Creating a New Access Role
To create a new access role, you always copy from an existing template.
There are 4 standard templates in all Sense HR systems by default.
These are;
Administrator – Access to everyone and everything in the system.
Manager – Access to their team (direct reports only) with limits as a line manager.
Manager with indirect reports – Access to their team (including indirect reports) with limits as a line manager.
Standard user – Access to their own profile and general company global features as an employee.
To create a new custom Access Role, click on the 3-dot menu next to an existing Access Role. When you click this option you will see the options copy and delete.
Click ‘Copy’ to duplicate this template and edit to customise it to your desired role.
When copying, use the template closest to the result, for example if you are wanting to setup an administrator level access but with a few limitations, copy from the administrator template.
If you want to setup a role like a manager but with changes, copy from the managers options.
If you want to setup a role like a standard user but with changes, copy from the standard user template.