Field Group Bundle Permissions

How to configure permissions within the Field Group Bundle section.

BILLING APP

THE BASICS

Field group bundle permissions determine how an access role interacts with the various field group bundles assigned to them. Via a field group bundle permission, each bundle can be scoped to allow a user to read, edit, or request a change to other employees' profile fields in Namely. In other words:

  • The field group bundle defines a set of profiles fields an access role can view, edit, or request a change to.

  • The field group bundle permission defines the employee population for whom the access role can view, edit, or request to change a set of fields (the field group bundle).

    • If a user has access to both edit a field and request a change to it, the edit access will override the request access. Remove the edit access from the Field Group Bundle Permission in order to enable the request workflow.

Accessing Field Group Bundle Permissions

To access field group bundle permissions:

  1. Go to Company > Settings > Roles and Permissions.

  2. Click Edit next to the access role whose permissions you want to update.

  3. Scroll down to Field Group Bundle Permissions.

Understanding the Scoping Options: 

Each field group bundle has a permissioning set associated with it, providing the following user actions:

  • User Read: Allows the user to read all fields assigned to the bundle

  • User Edit: Allows the user to edit all fields assigned to the bundle

  • User Request: Allows the user to request a change to a field in the bundle via a workflow

Each bundle can have all three of these scopes applied to it at any given time. It is important to note that three options don’t need to be scoped to the same level. For example, if a manager should be able to read the fields in a bundle for all employees, but only be able to edit them for their direct reports, you could set the bundle permissions like this:

A screenshot of a computer Description automatically generated

Whitelists and Exceptions: 

  • Whitelist: 

    • Allows a role to read/edit/request changes to profile fields in a bundle for employees who would otherwise be excluded.

      • For example, if managers should be able to read the fields contained in a bundle for their direct reports as well as one employee who doesn't have a manager. You could check off Directly Report under Via Company under the Manager bundle’s User Read field and enter the name of the additional employee into the Profile section of Whitelist.

  • Exceptions: 

    • Prevents a role’s ability to read/edit/request profile fields in a bundle for employees who would otherwise be included.

      • For example, your HR Admin team needs to be able to view all employee salary information except for your CEO’s. You could check off All under the bundle’s User Read field and then add the CEO by name to the Profiles section. 

Whitelists and Exceptions can be created using the following categories: 

  • Group

  • Access Role

  • Profile  

Scoping Option Definitions:

  • All: Permissions assigned to this scope can be performed against every employee in the system.

  • Same department: Permissions assigned to this scope can be performed against any employee in the same group. Groups are configured in Company Settings and can be composed of departments, divisions, or static teams.

  • Same office location: Permissions assigned to this scope can be performed against any employee in the same office location.

  • Same team: Permissions assigned to this scope can be performed against any employee on the same custom team.

  • Report under via team: Permissions assigned to this scope are based on the user’s position in a custom team.

  • Directly dotted line under via company: If your organization uses dotted line reporting relationships, use this scope to apply the permission to secondary managers.

  • Directly report under via company: Permissions assigned this scope can be performed against direct reports as assigned by the Reports To function, one level down only.

  • Report under via company: Permissions assigned this scope can be performed against any reports assigned by the Reports To function.

  • Self: Permissions assigned to this scope can be performed only on the employee’s own profile.

  • Role Under: Permissions assigned to this scope provide the access role the ability to use the permission against those in the access roles below them in the Roles & Permissions tab.