Within HRWize, there are a total of 9 different User Groups available for you to choose from when setting up a user.
The Main Admin is the account that is used to sign up for the system and is the only account that is not linked to an employee file and cannot be assigned to an employee or user. This account can also be used to make license based changes to your HRWize subscription.
Each group gives the user a different set of permissions and access rights, and there are also a number of options available for users within those groups. This article will describe the different user groups available with the number of other options available for controlling access to the system.
User Groups
Admin
| User Group: Admin |
Admin users have NO restrictions whatsoever; they can see everything and do anything in the system - use with caution! This account is linked to a Self-Service account, but cannot be used to make license based changes to your HRWize subscription. |
| Can have a secondary user group? |
|
| Can limit employees they can access? |
|
| Can limit actions they can take? |
|
| Can limit access to pay/benefits? |
|
| Can limit access to specific fields? |
|
| Can prevent deleting? |
|
| Modules accessible by default |
|
HR
| User Group: HR |
By default, HR users are similar to Admin except they do not have access to the "Company" menu. |
| Can have a secondary user group? |
|
| Can limit employees they can access? |
By site, job level or company to an individual user |
| Can limit actions they can take? |
Options to apply global manager restrictions to an individual user. |
| Can limit access to pay/benefits? |
Options to apply global manager restrictions to an individual user. |
| Can limit access to specific fields? |
Options to apply global manager restrictions to an individual user. |
| Can prevent deleting? |
Can "hide" delete button from individual users - does not strictly prevent deleting. |
| Modules accessible by default |
ALL |
| Other information |
By default, an HR user will be able to manage their own account but you can disable this globally - this means that they will not be able to access their employee record, add time off for themselves unless it is done as an "employee" in their Self Service. |
Manager
| User Group: Manager |
Manager users are also "employee" users for any self-service purposes - in addition, any manager user can also be an approver by default. |
| Can have a secondary user group? |
Can have a secondary group of Finance, Recruiter, Trainer, or Facilities. |
| Can limit employees they can access? |
Can only see those who report into them. Optionally, they can also see candidates for whom they are set as the hiring manager. |
| Can limit actions they can take? |
Options to apply global manager restrictions to ALL managers. |
| Can limit access to pay/benefits? |
Options to apply global manager restrictions to ALL managers. |
| Can limit access to specific fields? |
Options to apply global manager restrictions to ALL managers. |
| Can prevent deleting? |
Can be set to read-only, which only applies to the employee record. For other actions such as deleting time off, this can be archived using global manager restrictions. |
| Modules accessible by default |
ALL |
Employee
| User Group: Employee |
By default, Employee can only see a sub-section of their information and their actions generate an alert or require approval. |
| Can have a secondary user group? |
Can have a secondary group of Finance, Recruiter, Trainer, or Facilities. |
| Can limit employees they can access? |
Can only access their own record. |
| Can limit actions they can take? |
See global employee restrictions. |
| Can limit access to pay/benefits? |
Can only see their own data, but can optionally give access to view their own salary, etc. |
| Can limit access to specific fields? |
See global employee restrictions. |
| Can prevent deleting? |
See global employee restrictions. |
| Modules accessible by default |
See global employee restrictions. |
Approver
| User Group: Approver |
By default, all Manager, HR, and Admin level users can also be assigned as an approver. |
| Can have a secondary user group? |
Can also be a Manager, HR, or Admin. |
| Can limit employees they can access? |
Can access those for whom they are set as an approver. |
| Can limit actions they can take? |
As an approver, you can only approve time off, training, etc. They can optionally be allowed to add and edit time off and/or time tracking records. |
| Can limit access to pay/benefits? |
Has no access as an approver. |
| Can limit access to specific fields? |
Cannot see any employee fields as an approver. |
| Can prevent deleting? |
Cannot delete anything as an approver. |
| Modules accessible by default |
See global employee restrictions. |
Finance
| User Group: Finance |
Finance users are employees with access to expenses and mileage modules. |
| Can have a secondary user group? |
Can also be a Manager. |
| Can limit employees they can access? |
By site, job level, or company to an individual user. |
| Can limit actions they can take? |
Options to apply global manager restrictions to an individual user. |
| Can limit access to pay/benefits? |
Yes to an individual user. |
| Can limit access to specific fields? |
Options to apply global manager restrictions to an individual user. |
| Can prevent deleting? |
Can "hide" the delete button from individual users - does not strictly prevent deleting. |
| Modules accessible by default |
Expenses and mileage |
| Other information |
Can give optional user group Admin rights to an individual user that will allow them to access expense, mileage, and timesheet settings. |
Trainer
| User Group: Trainer |
Trainer users are employees with access to the training module. |
| Can have a secondary user group? |
Can also be a Manager. |
| Can limit employees they can access? |
|
| Can limit actions they can take? |
|
| Can limit access to pay/benefits? |
Has no access as a trainer. |
| Can limit access to specific fields? |
|
| Can prevent deleting? |
But can only delete training as a trainer. |
| Modules accessible by default |
Training |
| Other information |
Can give optional user group Admin rights to an individual user that will allow them to the Training Library. |
Recruiter
| User Group: Recruiter |
Recruiter users are employees with additional access to the recruitment module. |
| Can have a secondary user group? |
Can also be a Manager. |
| Can limit employees they can access? |
|
| Can limit actions they can take? |
Can prevent downloading CVs. |
| Can limit access to pay/benefits? |
Has no access to employee data as a recruiter - for example, they would be able to see requisition salary or offer details. |
| Can limit access to specific fields? |
Can anonymize candidates to globally hide names, address, and contact information (such as email address). Can optionally restrict access to answers to company and role custom questions. Finally, global options can be set to not include monitoring information against a candidate so would not be able to see gender, nationality, DOB, religion, disability, and so on. |
| Can prevent deleting? |
|
| Modules accessible by default |
Recruitment |
| Other information |
Can give the optional user group admin rights to an individual user which will allow them to access recruitment settings. |
Facilities
| User Group: Facilities |
Facilities users are often members of the IT teams and they are employees with access to the Assets module. |
| Can have a secondary user group? |
Can also be a Manager. |
| Can limit employees they can access? |
|
| Can limit actions they can take? |
|
| Can limit access to pay/benefits? |
|
| Can limit access to specific fields? |
|
| Can prevent deleting? |
|
| Modules accessible by default |
Assets |
| Other information |
Can also be given optional access to Forms, Workflows, Timesheets tasks/references, and User management. User management can be full or restricted where they cannot administer or add any one of a higher user group than themselves - as a result, they cannot see/edit/add an Admin, for example, nor change themselves to HR or Admin. |
Marketing Permissions
Any level-user can be given "Marketing permissions" which will allow them access to Branding settings, Pages (Intranet), and Announcements. Click here for more information on marketing permissions.
Module Templates
A module template allows you to define a list of enabled modules where an individual user can access and then apply this to a user or group of users. For example, this allows you to enable expenses but only allow specific users or groups of users to access expenses.
Restrict Access to Pay/Benefits
You can restrict access to pay and benefits for some users. While for some users such as Managers, this is a global option (i.e. once turned on, it applies to all managers), there is the option to control what access is limited to.
The 3 options are pay/salary, benefits, and payments. This means you can stop all your managers from seeing pay and benefits but still allow them access to payments, for example.
Reporting
By default, no user group (other than Admin) has access to any dataset for reporting purposes and you must explicitly add access for each user group to each dataset.
Within that dataset, all the permissions applied against the user are carried through. This means that if a user is given access to the employee dataset, for example, they will only be able to see the data of those whom they are allowed to see in the system. Additionally, if they are unable to access pay, DOB, SSN, and bank details, then these fields will not be available to them in reporting.
In addition, if you share a report to a user and that report has fields which they would not be allowed to see, then we will prevent you from sharing and, if the permissions for the user change after you have shared, the user would be restricted from accessing the report if their current permissions mean they should not be able to access any of the selected fields in that report.
Finally, within reporting, the vast majority of the datasets are associated with an employee - when you give access to the training dataset to a Trainer user, for example, this means they also get access to the information about that employee. However, the employee information they have access to is limited to relevant “work” information so they do not see: Pay, Date of birth, National Insurance, Gender, Marital status, Nationality, Ethnicity, Disability, Sexuality, Religion, Any address/personal contact information, Emergency contact information and bank details.
Click here for more information on report builder permissions.
HRWize
Comments