This guide explains how to control which fields within a page a user role can view and edit. Access is broken down into three levels depending on the type of user role:
- Own record
- Subordinate records (where a user can view people they line manage)
- Record and field groups (HR users only, to control the groups of people they can see and the fields within those records)
See Security - Field Group Management to set up field groups first, which can then be applied to user roles, and Security - User role management overview for overall role configuration.
🎥Bitesize videos availableFor detailed guidance on User role management, and many others, check out Ciphr Academy. ⚠ Important: To ensure access via SSO please log in to the Academy via your HR system first. Once logged in, you can access the videos here: Ciphr Academy – Bitesize Videos. |
Own field group security
- Go to System Configuration > Role Management
- A list of the existing user roles will be presented
- Click the relevant user role. A screen showing Actions will be displayed
- Click on the Own Field Group Security option
- The screen will indicate in the top left corner the name of the user role that is in view
- On the right of the screen, a list of all the Field Groups will be shown
- Clicking on the name of the field group on the right will highlight it and bring it into view. Multiple field groups can be selected as required. Click the x next to a group to remove it from the main window
- Field groups in the main window on the left can have permissions applied:
- Write access - the field is visible and editable
- Read only - the field is visible but greyed out and can't be edited
- Hidden - the field will not show on the page
|
Tip: The 'all other field groups' setting at the bottom is the default setting that will apply to any field groups not highlighted and present in the main window, so you only need to highlight field groups that differ to the 'all other' setting. It's recommended to keep the 'all other' setting to Hidden for non-HR user roles, but for HR system supervisor type roles, setting the 'all other' to write access means they can edit everything without having to select all the groups. |
- If changes have been made to the access permissions, then click Review Changes
- A summary of the changes made will be presented
- Click Update if the changes are as required
Subordinate field group security
- Go to System configuration > Role management
- A list of the existing user roles will be presented
- Click the relevant user role (not a Normal user type, as they don't have access to subordinate records). A screen showing Actions will be displayed
- Click on the Subordinate field group security option
- Follow the same steps as Own field group security, but this time you're applying permissions for when the user is viewing the records of people they line manage
HR user record and field group security
- This only applies to HR-type user roles where, by default, they can see everyone in the system, so record groups can be used to restrict this as needed. See Record Groups for more on how record groups work.
- Go to System Configuration > Role Management
- A list of the existing user roles will be presented
- Click on a role that is an HR User type user role. A screen showing Actions will be displayed
- Click on the Record & Field Group Security option. This option will only be available to user roles that are of the HR User type
- The screen will indicate in the top left corner the name of the user role that is in view
- On the top right of the screen, a list of all the Record Groups will be shown
- Clicking on the name of the record group will highlight it and bring it into view. Multiple record groups can be selected as required
- The cross in a circle will remove that record group from view
- Having displayed the record group(s) required, click on one of them so it is surrounded by a box
- Click on the name(s) of the field group(s) to be displayed from the Field Groups listing, and those groups will then be made visible for the record group and will show the access to fields in those field groups for that group of records that the user role has. The green plus sign alongside Field Groups will display all the field groups, but may make the screen less manageable than just selecting those that you require to be displayed
| Note: Configuration of field-based security and field groups needs to be managed with caution, and it is suggested that tests of the roles are undertaken to ensure that the roles do not have access to information that it should not be able to see. |
- Depending on the overall access, which is displayed on the top line, access to the various field groups can then be determined
- If the top line access has Hidden set, then no changes can be made until the access has been modified to Write Access or Read Only
- The cross to the right of each field group will remove that group from view
- If changes have been made to the access permissions, then click Review Changes
- A summary of the changes made will be presented
- Click Update if the changes are as required
Related articles
Footer
Comments
0 comments
Article is closed for comments.