When you get started with the platform you are provided with a set of initial roles which are great when you are getting off the ground, but ultimately they may not exactly match your organizations internal structure. This may be for a couple reasons:
Your organization has reached a size where the default set of roles does not cover all the specialized users that will be using the system.
You have some staff that do extraordinary duties and need to have their access tweaked compared to their peers.
The set of roles may be a reasonable fit but the names, descriptions and access could use a fine tune.
Access & Roles is your control room for solving these problems. Access & Roles allows you tweak the current roles by changing their names, descriptions and access.
As well as create completely new roles. These roles can then be assigned on employee profiles.
How to Customize Access & Roles
To adjust roles or create new ones go to 'Settings > All Settings > Permission Settings > Show Advanced Settings... > Customise access & roles here' (or here). Here you can adjust a roles access by toggling specific permissions. If you would like to adjust some of the details of a role, go to 'edit role' in the top right.
Here you can update the role name, description and the order it show in on employee profiles. When you are done just press save.
How to Create a New Role
To create a new role go to 'new' in the side panel on the left.
Now just enter the details and click 'create'.
Now you can edit the access of your new role just like any other.
How to Remove a Role
How to remove a role is dependent on if it is built-in or custom. Built-in roles can only be disabled. To do this go to 'edit role' and toggle 'role can be applied to employees'. Then click 'save'.
To remove a custom role. You can either disable it like a native role – in case you may want to re-enable it later. Or you can completely remove it. To completely remove it, go to 'edit role' and click 'delete'.
At this point you should be ready to fine tune access to the platform. Have a go at adjusting the access to better fit the internal structure of your business.
Assigning multiple roles
When a user has multiple roles it becomes more complex to understand how their permissions work. An example would be if they have a permission like "see costs" enabled for one of their roles but not for the other. Does this user have the access to "see costs" or not?
The answer is they do. The reason is roles can only specify what a user can do. They cannot explicitly specify a user cannot do something. Therefore if one of their roles specifies they can "see costs" they can.
Frequently Asked Questions
What If I'm not happy with my changes and cannot remember what I changed?
You can always use 'apply defaults' to revert a role to it's original state.
Can I customize the built-in roles?
Yes you can. You can change the name, description and order it shows in on employee profiles.
I disabled access for something but a user can still access it?
Make sure that it is disabled for all roles that user has. See the Advanced Concepts section above for more details.