Creating Roles for Workforce Users
Introduction
Roles determine the level of access that a User has to Empeon Workforce. Employers often require various Roles, with varying levels of access in order to mitigate the risk of invalid system changes and reduce exposure to sensitive information. When creating Roles for Workforce Users, it is important to first have a high-level understanding of your employees' professional responsibilities in relation to how they will need to use Empeon Workforce. This will help determine the type of Role(s) that should be created to be assigned to the appropriate User(s). Employers that keep this vision in mind will be able to create, adjust, and assign Roles that precisely fit their needs.
Roles are classified into two types: Organization Roles and Company Roles. Organization Roles have complete access to Empeon Workforce, allowing management and support across all companies within the organization. Conversely, Company Roles are assigned to one or multiple companies within the organization and can be configured with full or custom access to the system for its respective companies.
Organization Level Roles
There are three system-level Organization Roles that are available by default: Organization Owner, Organization Admin and Organization User. All three Roles have complete and total access to Empeon Workforce across all companies that fall within the organization. There are no restrictions from a system administration standpoint. Where these Roles differ is in their ability to add other Workforce Users to the system, and determine the level of access those Users will have. Put simply, no Organizational User can create or modify another Workforce User with equal or greater Role permissions. This is to ensure that there is a proper hierarchy in how Users are added and assigned their Role given the amount of sensitive information that Empeon Workforce houses.
Organization Roles |
||
Tier 1 | Organization Owner | Empeon recommends assigning the Organization Owner Role to the organization's owner or a C-level executive. This Role can only be assigned by Empeon Client Services. While there can only be one Organization Owner, this Role has the authority to create and remove Organization Admins, Users, and Custom Roles as needed. |
Tier 2 | Organization Admin | Organization Admins can create and edit the access levels of both Organization Users and Company-level Users as needed. They can also create custom Company-level Roles. |
Tier 3 | Organization User | An Organization User cannot create, edit, or remove the Organization Owner, Organization Admins, or other Organization Users. However, they can create Company-level Admins, Custom Roles, and Company-level Users with Custom Roles. |
Company Level Roles
Company Level Roles are used when a User should have access to specific companies rather than the entire organization. Custom company-level Roles can be created to regulate the level of access a User has within the system.
Two default Company Roles are already available: Admin and Read Only. The Admin Role provides complete system access, but only to the companies assigned by an Organization Owner, Admin, or User. The Read Only Role allows Users to view all employees and reports without the ability to make system changes. This Role is suitable for accounting or finance Users who need access to information in Empeon Workforce but are not responsible for system administration.
Please note that additional Organization Roles cannot be created; only Company Roles with custom permissions can be created.
Creating a Custom Company Level Role
Creating Custom Roles addresses the need to provide Users with access to specific information, modules, and functions within Empeon Workforce. Before setting up a Workforce User with restricted access, it is necessary to first create a Role that matches the required access criteria. To create a Role, navigate to the Roles section within the Organization Master Portal: Organization Master Portal > Roles > Create role.
When creating a new Role, the system will require the following fields of information to first be entered:
-
Role Name: Enter a name for the Role based on the permissions it will provide.
-
Role Description: Provide a description to differentiate the Role from others. Highlight specific access privileges or indicate the position within the company for which the Role is intended.
- Clone Role: This is an optional feature available if there is an existing Role that can serve as a model for the new Role. Selecting a Role in this field duplicates its permissions, which can then be modified for the Custom Role being created.
The next section on this screen involves customizing permissions for each of the five tabs within Empeon Workforce: Dashboard, People, Actions, Reports, and Company. To configure permissions for each tab, select each tab individually to view and adjust its permissions.
By default, each permission is set to No access. In the top right corner of this section, there is an option to set all permissions across the five tabs to either Full access or No access. This can be helpful if a User's Role is intended to have almost full access to the system, with the exception of only a few permissions. In this scenario, setting each permission to Full access and then turning off the few permissions that the User will not have can be the most time-efficient approach.
Setting Permissions
Setting the permissions for this Role involves reviewing the permissions available under each of the five tabs: Dashboard, People, Actions, Reports, and Company. Note that some tabs may have more permissions to consider than others.
When it comes to establishing the access for a permission, some permissions are binary, where access is either granted fully or not at all.
Other permissions will have varying levels of access beyond just full or no access. With these permissions the options are No Access, View Only, View & Edit, or View, Edit & Delete (Full Access).
After setting the access for each permission within each tab, click the blue "Save" button.
Viewing Permissions of a Role
Once a Role is created, it will then show under Company Roles as a "Custom" Role.
As more Roles are created, it may be necessary to refer back to view the Role's permissions. To do this, click the three-dot menu and select "View permissions." In the same menu, there are also options to edit or delete the Role.
Now that a Role has been created, it is now available to be assigned when adding a user to the system. For more information on how to create additional Workforce users, refer to Empeon's article Administering Workforce Users.
Testing Newly Created Custom Roles
When creating new Custom Roles, it is helpful to confirm exactly how the Custom Role will be applied when assigned to a User. Therefore, Empeon strongly recommends that Organizational level Administrators & Users first test newly created Roles before assigning it to Users.
Organizational Users and Admins can test newly created roles simply by creating themselves as an external User in Empeon Workforce using a secondary email.
Then within the Access Rights section, apply and confirm the newly created Role so that the registration email is sent to the secondary email.
Then register and login through this secondary email to see the access result of the new Role. This will allow you to be able to view level of access that the Role has and determine whether or not it is ready to be assigned to a User.