Introduction
Empeon's Roles determine the level of access that is granted to a user in Empeon Workforce. Often employers have a need for varying types of Roles in Empeon in order to mitigate the risk of invalid system changes and reduce exposure to sensitive information stored within it. When creating user roles, it is important to first have a high-level understanding of your employees' professional responsibilities in relation to Empeon Workforce. This will help determine the type of Role(s) that should be created and assigned to the appropriate user(s). Employers that keep this vision in mind will be able to create, adjust, and assign Roles that precisely fit their needs.
There are two classifications of Roles: Organization Roles and Company Roles.
Organization Roles have complete access to Empeon Workforce to manage and support all companies affiliated within the organization. Conversely, Company Roles are assigned access to one or multiple companies within an organization and can be configured with custom access rules to the system.
Organization Level Roles
There are three system level Organization Roles that are available by default: Organization Owner, Organization Admin and Organization User. It's important to understand that all three Organization Roles have the same complete access to all system information and functions for the entire organization. From a system access and administration standpoint, these Roles cannot be restricted. The sole purpose of having three tiers of Organization Roles is so that employers can apply proper hierarchies of user control. For security purposes a user can not create or change the access of another user that is the same or higher level Role as themselves.
Organization Roles | ||
Tier 1 | Organization Owner |
Empeon recommends that the organization's owner or C-level executive be applied to this Role. The assignment of this role can only be addressed by Empeon Client Services. There can only be one account owner, however the owner can create and remove as many Organization Admins, all other types of Users, and Custom Roles as needed. |
Tier 2 | Organization Admin | Organization Admins can create and edit the access level of as many Organization Users and company level Users as needed. An Organization Admin can also create custom company level Roles. |
Tier 3 | Organization User | An Organization User cannot create, edit, or remove the Organization Owner, Organization Admins, or other Organization Users. However, they can create company level Admins, Custom Roles, and company level Users with Custom Roles. |
Company Level Roles
Company Level Roles should be used for any circumstance where a user should only have access to specific companies, rather than the entire organization. Custom company level Roles can be created to regulate the level of access a User can have within the system.
There are two pre-loaded/system level Company Roles available by default: the Admin role and the Read Only role. The company level Admin role has complete system access, but only to the companies they are assigned by an Organizational level Owner, Admin, or User. The Read Only role can view all employees and reports within the system, but without the capability to make any changes. Read Only is often appropriate for accounting/finance types of users who need all the information in Empeon Workforce but are not responsible for administrating it.
Please note that Organization Roles cannot be created. When creating a Role within the system, it can only be created as a Company Role.
Creating a Custom Company Level Role
The system Roles outside of Read Only mentioned above are unrestricted by design. However, many employers have a need to create Users that should only have access to certain information, modules, and functions of Empeon Workforce. Empeon's solution for any restricted access need is to create Custom Roles. Before setting up a Workforce user that should have restricted access, it is important to first create a Role matching the needed access criteria.
1. To create a Role, navigate to the Organization Master Portal.
2. Then select Roles from the left-hand menu. On this screen you will be able to see the Roles that are already created within the system and available for assignment when adding a User.
3. To add a Custom Role, click the blue button labeled "Create role".
You will then be prompted with the following fields:
- Clone Role - When creating a Custom Role, you have the option to clone it based on an existing Company Role that is already entered within the system. For example, if you are creating a Role that closely resembles one already in place, you can choose that Role from the Clone Role dropdown menu. From there, the permissions linked with the selected Role will be duplicated, allowing you to then make any necessary modifications to the Custom Role that you are creating.
- Role Name - Name the role according to your preference based on the permissions of the Role.
- Role Description - Provide a description of the Role. As you continue to create Roles within the system, providing a description will help to differentiate the level of access that each Role has. In your description, it is recommended to highlight specific access privileges associated with the Role or specify the position within the company that the Role should be assigned to.
The next section on this screen is customizing the permissions for each of the five tabs available within Empeon Workforce: Dashboard, People, Actions, Reports, and Company. To configure permissions for each tab, you'll need to select each tab individually to view its respective permissions.
By default each permission will be set to No access. However, in the top right corner of this section, you have the option to set all permissions across the five tabs to either full access or no access. This can be helpful if you have a User who you intend to grant almost full access to the system, with the exception of only a few permissions. You can set each permission to "Full access" and then turn off the few permissions that the User will not have.
Setting Permissions
Setting the permissions for this Role will consist of going through each of the five tabs and reviewing the permissions that exist for each one. Some tabs will have more permissions than others that you will need to consider.
When it comes to establishing the access for a permission, some permissions are binary, where access is either granted fully or not at all.
Other permissions will have varying levels of access beyond just full or no access. With these permissions the options are No Access, View Only, View & Edit, or View, Edit & Delete (Full Access).
After you have gone through and set the access for each permission within each tab, click the blue button labeled "Save".
Viewing Permissions of a Role
Once a Role is created, it will then show under Company Roles as a "Custom" Role.
As more Roles are created, you may need to refer back to the Role to view its permissions. To do that, click the three-dot menu and select "View permissions". Additionally, within the same menu, you can edit or delete the Role.
Now that a Role has been created, it is now available to be assigned when adding a user to the system. For more information on how to create additional Workforce users, refer to Empeon's Setting Up Users article.