Skip to content
Customer Portal Sign In
  • There are no suggestions because the search field is empty.

Creating Roles for Workforce Users

What are Roles?

Roles define the level of access that a User has to Empeon Workforce. Each Workforce User is assigned a Role that dictates what actions they can or cannot perform within the system. Roles help limit exposure to sensitive information and reduce the risk of accidental system changes.

There are two classifications of Roles:

  • Organization Roles have full and complete access to Empeon Workforce across all companies within the organization.
  • Company Roles are assigned to Users who should have access to individual companies within the organization and can be configured with full or custom access to the system for its respective companies.

Organization Level Roles

There are three system-level Organization Roles that are available by default: Organization Owner, Organization Admin and Organization User.

All three Organization Roles have full access to Empeon Workforce across all companies that fall within the organization. There are no restrictions from a system administration standpoint. Where these Roles differ is in their ability to add other Workforce Users to the system and determine the level of access those Users will have.

Put simply, no Organizational User can create or modify another Workforce User with equal or greater Role permissions. This is to ensure that there is a proper hierarchy in how Users are added and assigned their Role given the amount of sensitive information that Empeon Workforce houses. 

Hierarchy  Role  Description
Tier 1 Organization Owner This Role can only be assigned by Empeon Client Services and is typically given to the organization’s owner or CEO. Only one User can be assigned to the Organization Owner Role, and this User has full authority to manage ALL Users and their assigned Roles.
Tier 2 Organization Admin Organization Admins can only manage the access levels for both Organization Users and Company-level Users. 
Tier 3 Organization User Organization Users can only manage the access levels for Company-level Users. 

Company-Level Roles

Company-Level Roles are assigned to Users who need access to specific companies rather than the entire organization. These Roles are often customized to fit the required access. 

There are two default Company Roles are already available: Admin and Read Only.

  • Admin - This Role provides complete system access, but only to the companies assigned by an Organization Owner, Admin, or User.
  • Read Only - This Role allows Users to view all employees and reports without the ability to make system changes. This Role is suitable for accounting or finance Users who need access to information in Empeon Workforce but are not responsible for system administration.

Please note that additional Company-Level Roles can be created and customized as needed, whereas Organization Roles are limited to the three default Roles available.

Creating a Custom Company-Level Role

Before adding a new Workforce User, it’s important to confirm whether a suitable Role is set up and available for assignment. To view the Roles that have been set up, navigate to the Roles section within the Organization Master Portal.

To create a new Role, click the blue "Create role" button.

When creating a new Role, the system will require the following fields of information to first be entered:

  • Role Name - Enter a name for the Role based on the permissions it will provide.

  • Role Description - Provide a description to differentiate the Role from others. Highlight specific access privileges or indicate the position within the company for which the Role is intended.

  • Clone Role - This is an optional feature available if there is an existing Role that can serve as a model for the new Role. Selecting a Role in this field duplicates its permissions, which can then be modified for the Custom Role being created.

The next section on this screen involves customizing permissions for each of the five tabs within Empeon Workforce: Dashboard, People, Actions, Reports, and Company. To configure permissions for each tab, select each tab individually to view and adjust its permissions.

By default, each permission is set to "No access". In the top right corner of this section, there is an option to set all permissions across the five tabs to either Full access or No access. This can be helpful if a User's Role is intended to have almost full access to the system, with the exception of only a few permissions. In this case, setting each permission to Full access and then disabling the few permissions the User won’t need can be the most time-efficient approach.

Setting Permissions

Setting the permissions for this Role involves reviewing the permissions available under each of the five tabs: Dashboard, People, Actions, Reports, and Company. Note that some tabs may have more permissions to consider than others.

When it comes to establishing the access for a permission, some permissions are binary, where access is either granted fully or not at all.

Other permissions will have varying levels of access beyond just full or no access. With these permissions the options are No Access, View Only, View & Edit, or View, Edit & Delete (Full Access).

After setting the access for each permission within each tab, click the blue "Save" button.

Viewing Permissions of a Role

Once a Role is created, it will then show under Company Roles as a "Custom" Role.

As more Roles are created, it may be necessary to view the Role's permissions. To do this, click the three-dot menu and select "View permissions". In the same menu, there are also options to edit or delete the Role.

Now that a Role has been created, it is now available to be assigned when adding a User to the system. For more information on how to add a Workforce User, please refer to Empeon's article Administering Workforce Users.

Testing Newly Created Custom Roles

When creating new Custom Roles, it is helpful to confirm exactly how the Custom Role will be applied when assigned to a User. Therefore, Empeon strongly recommends testing the newly created Role before assigning it to Users.

Organizational Users and Admins can test newly created roles simply by creating themselves as an external User in Empeon Workforce using a secondary email.

Then within the Access Rights section, apply and confirm the newly created Role so that the registration email is sent to the secondary email.

Then register and login through this secondary email to see the access result of the new Role. This will allow you to be able to view level of access that the Role has and determine whether or not it is ready to be assigned to a User.