This guide explains how to control which user roles, and which actions within them, other user roles can manage. It also covers how to configure a master role with unrestricted access.
See Security - User role management overview for overall configuration.
Contents
Roles
The Roles menu can give system supervisors greater control in areas such as:
- Add New Employee (Workflow): At the Security stage of the workflow, the list of available User Role IDs can be restricted, eg to hide the system supervisor roles from an HR administrator
- HR User Role access in a specific Entity/Location:
If local HR teams manage a specific area in the company, you can control their user role access so they can manage user roles in their area
Eg the Education HR User can only see roles within Education, and other user roles are hidden
| Note: This functionality does not apply to individual employee record visibility, which is managed by Record Group Security. |
Roles accessibility
The Roles menu shows which other user roles the selected user role has access to in the Roles tab, and the Role Management Actions they can see on the second Actions tab.
Choosing the Not Accessible option means the user role will not be able to see those user roles or actions.
Actions accessibility
|
Notes:
|
New User roles created by a restricted user role will automatically be accessible to the role that created it, but will be hidden from all other user roles. The creator will only be able to grant the new roles access to roles within their access rights.
|
Note: For users adding records via the Add New Employee (Workflow), they will need write access to the User assignment page to be able to select accessible user roles at the Security stage. Without access to this page, they will be able to access the default user role only. |
Master Role
A User Role can be assigned as a Master Role upon request to have unrestricted access to all user roles.
This is recommended for your System Supervisor-type role, who manages your system administration and security, but can be applied to multiple roles if required.
Master Roles will be able to circumvent any role restrictions configured against their role will be ignored.
They will be able to grant roles access to other roles even if their creator does not have access to the roles assigned.
To request the assignment of a Master User Role, please raise a Customer Care ticket specifying which user role(s) should be made Master User(s). The process is applied to your system database, so it must be completed by Ciphr.
It's recommended to include 'Master' in the User Role Description of the relevant role(s) to easily identify, e.g. 'Master System Supervisor'.
|
Notes:
|
Related guides
Footer
Comments
0 comments
Article is closed for comments.