Access Roles, Permissions, and Field Group Bundles

Learn what Access Roles, Permissions, and Field Group bundles are and how they all work together to give you control of your site.

OVERVIEW

Access RolesPermissions, and Field Group Bundles provide you and your employees control over who can view, manage, and even interact with others on your site. Understanding your options and how to leverage them will help you grant the proper abilities and visibility to your employees within HRIS.  

TIP

If you're looking for information on Namely Payroll permissions, you'll want to read Namely Payroll User Administrative Roles.

Definitions

Roles and Permissions define a user's ability to view and manage information, features, and specific functionality within your Namely HRIS site. Each employee will be assigned an Access Role, which can be configured to have different abilities in your site, and leverage Field Group Bundles to grant visibility, edit and request access to specific fields.

Field Group Bundles house a collection of profile fields into a logical group which can then be scoped for each access role. These groups determine which fields an employee can view and edit on their own profile and others’. 

MANAGING YOUR ACCESS ROLES

To view or modify your Access Roles, go to Company > Settings. Under the Employee Data column, click Roles & Permissions.

 
A screenshot of a phone Description automatically generated
Roles & Permissions is where you can make changes to your Access Roles. When new Namely sites are created, four default, staff access roles are added:

  • Employee

  • Manager

  • Executive

  • HR Support Admin

Each of the above roles may be adjusted and configured to the system administrators’ specifications.

Namely System Administrators by default have access to view and manage all company and employee data settings. Administrators are the only users with unlimited access roles.

TIP:

As few individuals as possible should have this level of access to ensure system security. Permission configurations are typically established during your implementation but may be maintained and updated on an ongoing basis.  

Any access role in this section is available for user assignment. Roles may be configured and managed by taking the following actions:

  • Rename: Select to update the title of an existing role’s name.

  • Edit: Select to display the permissions and settings behind each role will display. Individual role permissions can be adjusted by an administrator at any time. Updates become effective immediately after saving.

  • Clone: Select to copy an existing role to efficiently create a new access role. 

  • Delete: Select to delete a role from your site.

  • Add Role: Select to add an entirely new role, with no permissions pre-filled or selected.



A screenshot of a computer Description automatically generated 

Modifying Access Roles

To make a change to an Access Role, go to Company > Settings > Roles & Permissions and click Edit next to the desired role. Role permissions are displayed in a vertical list with a series of checkboxes. Features and settings may be enabled by selecting the applicable checkbox.
Roles are highly configurable. We recommend reviewing Definitions of Access Role Permissions when making changes to access roles - it contains a comprehensive list of what each permission constitutes in HRIS.  

Global General and Company Settings Permissions

Global General Permissions and Global Company Settings Permissions are permissions that are not scoped to a provide a role with the ability to do something to a scoped group of employees. For example - the ability to access Benefits Setup, create tasks or access parts of Company Settings are global permissions. These are just general abilities in the site and usually have to do with having access to features and modules in Namely.  

Scoped Permissions

The Scoped Permissions section of Access Role configuration provides additional configuration options beyond what is available for Global Permissions. Scoped permissions allow you to define the employees a role has the permission to leverage a feature for - i.e., providing your Manager role with the ability to approve time off for direct reports. Permission scopes will be specific to each Namely platform’s divisions, custom teams, and user roles.  
Scopes help define the breadth of a user’s management capability. One or more scopes may be selected and combined to expand or limit a user’s access level. The number of scopes will vary based on your use of divisions and teams. Infinite scope combinations are possible.

TIP:

Layered permission scopes require a user to meet all requirements, i.e. the user must be a member of both the departments and divisions in the scope.

For more information, read Scoped Permissions. 

Field Group Bundle Permissions

Beneath the permission settings of every access role, a set of field group bundles will display. Field group bundles within the role control the aspects of a users’ profile that may be viewed and modified. Once assigned, field group bundles determine the profile fields a user may view and edit of themselves, their peers, and their direct reports.
Every field group bundle has a series of scopes by which users may read, edit and request information. By double-clicking on one of the three options below, a series of additional scope options will appear in a vertical list. Permission scopes will be specific to each Namely platform’s divisions, custom teams, and user roles.
Scope types:

  • User read

  • User edit

  • User request

You must select a scope type to add the field to the role. All field group bundles created will display at the bottom of every role, but only those bundle rights relevant to the users’ roles should be assigned. 

Exceptions and Whitelists

You can also configure your permissions with scopes to accommodate exceptions. Exceptions may be defined by a division, access role, or unique user name.
Feature scopes also support providing divisions, departments, access roles, or unique user names with a particular permission privilege. The act of whitelisting allows for permission privileges to be granted on a selective basis. 

Field group bundles with scopes can also accommodate access exceptions. Exceptions may be defined by a division, department, access role, or unique user name. Feature scopes also support Whitelists which provides divisions, departments, access roles, or unique user names with a particular permission privilege. The act of whitelisting allows for permission privileges to be granted on a selective basis.

TIP:

Use the below example case to understand how to use Exceptions in Field Group Bundles.

The access role ‘Regional Director (North America)’ allows the user to view the compensation, time off, goals, and performance history for all staff ranked lower in the reporting tree EXCEPT for the users in Finance, Operations and Sales divisions for the Canada office location.

MANAGING FIELD GROUP BUNDLES

To manage your Field Group Bundles go to Company > Settings > Field Group Bundles.



A screenshot of a cell phone Description automatically generated 

You can perform the following actions from the Field Group Bundles page:

  • Rename: Use to update the title of an existing bundle’s name.

  • Edit: Select to edit the permissions and settings.

  • Delete: Removes a bundle from your site.

  • View Grid: Select to view all field bundles map to their respective profile fields with permission rights assigned according to each users’ role.

 The Field Grid depicts which fields are included in each of your Field Group Bundles.



A screenshot of a grid Description automatically generated



Standard and custom profile fields are listed in the left vertical column. As new custom profile fields are created, they will display in this list. Your bundles are displayed across the top of the grid. You can view role assignments by clicking on the bundle name.



Checking the box on the grid for a specific field in a bundle column will add it to that Field Group Bundle. You can then leverage the bundle to provide view, edit or request ability to the collection of fields on any Access Role. 

TIP:

Field group bundles unassigned to roles will be blank.

Adding and Provisioning Access to New Fields

Administrators may create new custom profile fields in the Profile Field section of Company Settings. Once created, administrators are the only ones to view and edit these fields until permissions are assigned to other access roles.

A screenshot of a profile field Description automatically generated

Administrators can navigate to the Field Group Bundle grid and apply the appropriate check marks to allow for view and edit rights for the applicable access roles.
To confirm access roles, go to the People page and filter by Access Role. All access roles created in Namely will surface in the dropdown menu. 
A screenshot of a computer Description automatically generated

TIP:

Before modifying or eliminating an access role, confirm the individuals with the role assigned. Access roles should not be deleted until they have been unassigned to all users. Upon selecting Delete, you will be guided in reassigning the users to a different access role.