System security in your HRIS Portal is based on the concept of customizable roles. A user can be assigned to multiple roles, with each role having customizable account settings, field settings, and module settings.

As all of the user's roles work together in determining the user's security profile, keeping the user's roles to a minimum is strongly recommended to avoid inadvertently granting access to unintended features. 

 

Commonly Used Roles

The first step in assigning roles is determining which access is required for each user. The system is set up with several pre-defined roles, as listed below:

Administrator

Allows access to administration-level functions in the system and the HRIS Administration Module. Do not place anyone in this role that does not have full access to the payroll and HRIS system.

Employee

Allows Employee Self-Service (ESS) functionality and should contain your default account settings. The system automatically places new users into the Employee Role when first registering.

New Hire

Allows onboarding functionality.

Account Employee Manager

Employees in this role are given access to the data of employees under them in the Organizational Hierarchy.

Account Group Manager

Users in this role are granted access to all employees in the account group. This option is only available if you have multiple payroll company codes. To limit the access of specific users in this role, please contact our Support team.

 

Customizing Roles

When custom access is needed, you can either:

1. Select an existing role and customize the module access within it.
2. Create new roles for specific users and assign those roles. You have the ability to create an unlimited number of Custom Roles.

 

Role Customization Options

You have the ability to customize roles completely to meet your needs. Here are some examples of the current and planned functionality for Role Customization in the system.

Currently Available:

• Exclude individual employees or a group of employees from an administrator's view.
• Require tiered approval when an administrator-level user or employee-level user makes changes to specific fields or menus within employee profiles.
• Allow an administrator to enter, but not submit the payroll.
• Change visibility and read-only configuration for entire sections, sub-sections, or at a field-by-field level for each role.

Not Available Yet:

• Allow an administrator-level user access to key in payroll without seeing rates.
• Create administrator-level users who do not have the ability to access rates or restricted employee sets that can only view Report Writer reports (not system reports).
• Require tiered approval for payroll processing.

 

Configuring Subsection Views

Finally, you have the ability to configure user permissions for each section, subsection, or field.

Visibility

You have the option to make any section, subsection, or field either visible or not visible to users.

Read-Only

Users with read-only access will be able to see the data in a field or section, but will not have access to edit it.

Requiring Fields

Assigning this forces the user to complete the section before they are allowed to save their changes.

Approval Type

This can be configured with Tasks to allow approval from certain users (Admins) before an item may be saved.

• Notify Only: This will notify the user (Admin) of any changes the employee makes and saves.
• Approval Template: This will notify the user (Admin) of any changes made and require their approval before the change is saved.

Custom Approval Templates & Tiers

If a template is created and assigned to a role, it will need to be the same Approval Template for the entire section.

Tiered approval is available in the Employee Role and Administrator Role under Employee Management.

 

FAQs & Common Scenarios

What if a User's roles conflict?

The settings for each assigned role will combine, allowing users with multiple roles assigned to them access to all features of each role.

Example: If a user is a member of Role 1, which only has access to Employee Self-Service, and is also a member of Role 2, which only has access to the HRIS Administration module, the user will have access to both Employee Self-Service and the HRIS Administration module in their portal.

 

How do you set up a Manager to only see select fields or menus?

This can be done in the HRIS Administration module under Users And Roles > Manage Roles > Module Access and Configuration.

 

How do you set up a Manager to only see select employees?

Restricted Employee Sets in the HRIS Administration module > Users And Roles will allow you to single out employees a user is able to view outside of Roles.

 

Can I allow a clerk to make entries in the system pending administrative approval?

Yes! You can allow them access using Approval Types by selecting them by name.

 

How can I update which fields an employee can update and/or change?

You can configure this through the Employee Role by selecting which views are Visible and which are Read-Only.

 

Can I require tiered approvals for employee changes?

Yes! This can be completed in the same manner as the Tiered Approvals on a Company Level.