Review User Access

As part of the Humanforce HR platform, there are default permission groups that can be assigned to provide platform access to members of your organisation.  Through the Permissions area in Settings, System Administrators have the ability to review the access provided by individual permission groups and also amend or add additional groups.  The article below is designed to help System Administrators understand how to review and confirm current access, and if required, create new permission groups.

Default Permission Groups

To view the default permission groups preset on your Humanforce HR platform, navigate Settings > Permissions.

System Administrators will see five available permission groups that can be assigned to employees.  

• Staff Member - these are the standard permissions for all team members.  Staff Member permissions also include supervisor permissions.  This is possible because Humanforce HR permissions work on the ability to view own (your own record), view subordinates (anybody that appears below you in the reporting tree) and view all.  This permission group includes the option to view subordinates as needed by a manager, but this will only come into effect if there are employees reporting to that person.
• View and Manage Training Records for All - this simple but common permission group can be added to team members responsible for monitoring and recording training for employees across the organisation. 
• HR Manager (Remuneration restricted to subordinates) - this permission group is designed for HR managers who may work in larger HR teams and should be able to complete administration tasks but should not have access to remuneration data for all employees.  In conjunction with delegated access, this permission group allows you to provide members of the HR team wide-ranging access but crucially not the ability to view rem data or sensitive manager's log items about colleagues in the same team.
• Finance Team (Assign Analytics access to this group to allow finance access to reporting) - this permission group is primarily designed to be assigned to finance team members so that within Aanalytics access to remuneration analytics can be provided to all members of this permission group.
• System Administrator (Locked) - the system administrator permission group is locked and cannot be amended.  Access to any new permissions will automatically be added to this permission group and those with this level of access and see and do everything on the platform.

Reviewing User Access

Humanforce HR has provided several ways for system administrators to review user access via permissions.  These are:

• List Permissions... - This provides a list of all permissions enabled for the specific permission group.
• Assigned to... - This provides a list of all the people assigned this permission group.
• Assume as... - This allows the system administrator to assume a specific permission group as a particular person in order to see what that person sees when they log in to Humanforce HR. You cannot use the assume as feature if the employee has an in progress onboarding session. 

To check what a team member can/cannot see and do on Humanforce HR, it is recommended that you follow the process below:

Checking Access

1. Navigate to the Profile of the team member whose access you want to check
2. Go to their User Account
3. Note the Permission Group assigned to them 

4. Go to Settings > Permissions

5. Click on the 3 dots to the right of the permission group assigned to that team member (as seen in step 3)

6. Assume as...

7. Select the name of the person you wish to assume as, and select Assume

8. You will see a banner at the top of the page stating the permission group you are logged in with, and you can now click through the platform to test what and who this specific user can see and do when assigned this permission group. If you complete any actions while using Assume As, these are real actions and will be applied in the platform. 

Amending/Adding New Permission Groups

In the event you wish to amend an existing permission group, follow the steps below:

1. Navigate to Settings > Permissions
2. Click on the 3 dots next to the permission group Staff Member > Duplicate
   Note: It is possible to create permission groups from scratch and add specific permissions such as 'View Diary Notes', and then add this permission group to the team members user account, effectivily layering their access; however, by duplicated your staff member access that will form the base level of permissions for your users and adding or removing permissions from this duplicate the process of checking user access will be much easier because you will be able to follow the steps in the 'reviewing user access' section to check permissions.
3. Click on the newly duplicated permission group (this will display with 'copy' at the end of the group name).
4. Select Edit
5. Amend the permission group name
   Tip: Permission Group names should not contain sensitive information, e.g. Diary Notes (all employees), because if employees are searching for self-service tiles available to them, they can also search by permission groups.
6. Search Permissions for the additional permission you would like to provide, and tick Allow on these

7. Once complete, select Save

   

8. Once the new permission group is saved, follow the steps in the section 'Reviewing user access' to confirm that the permission group will provide the correct level of access.
9. Assign the new permission group to the individuals that should have this amended access. This action can be completed via Settings >> User account or via the employee's Profile > User Account.

If you wish to amend access for all employees it is suggested you follow the steps in this section and once you are happy with the level of access you can amend the original permission group to match your duplicate.  This will allow you to test the amendments to the permission group prior to amending access for all.