Global General Permissions

Global General Permissions—what they are and how to use them.

The Basics

Global General Permissions govern specific Yes or No actions a user can take across Namely.

For most actions under Global General Permissions, a role can either use the feature listed or it can’t—you can’t scope the action to only be taken against a specific employee population.

Example Global General Permissions include: 

  • The ability to log into Namely

  • The ability to run reports

  • The ability to create, manage, or delete performance reviews 

  • The ability to access Namely’s API

  • The ability to manage onboarding  

  • The ability to access Namely Payroll from Namely HCM 

Certain features in this section can be limited, but these limitations are imposed by other permissions sets contained within a role’s setup and aren’t directly controlled here. These features include: 

Feature Name

Functionality

Limitations 

Reporting engine

Permits the user access to the reporting engine to create custom reports. A user’s field permissions will always be respected in the reporting engine; users are not able to report on data beyond their permission settings.

A user in a role that has this feature enabled is only able to pull data on fields they are enabled to see in field group bundles/field group bundle permissions. 

If they don’t have the ability to view a field, that data piece and all other data pieces affiliated with an employee won’t be pulled into a report. This is expected behavior.

Integrations payroll admin

Grants the user access to Namely Payroll as an administrative user.

This feature only grants an employee access to the Manage Payroll and Run Payroll buttons in HCM.

Payroll admin access is not configured in HCM, but in the users section of Namely Payroll.

If this feature is enabled, but the user isn’t set up with an admin profile in the respective Payroll site, they will be unable to access Namely Payroll as an admin. This is expected behavior. 

User create

 

 

Enables the Add New Person button viewable on the People page.

This feature only grants a user access to the Add New Person button on the People page, however, the ability to add data to profile fields is not enabled if this button is turned on. 

A user in this role will only be able to add info to profile fields they are able to edit for all users in the system. 

For example, if you have the ability to edit the Company Email field for all employees but can only edit Personal Email field for your direct reports, you will only be able to access the Company Email field within the Add New Person wizard. There are no exceptions or workarounds to this rule.

API Permanent Access Token

Allows a user to have full and complete access to the platform, with the ability to manage the API access token and connection.

An API token created by a profile will inherit the field visibility rules from the role which created it. 

For example, if a role that is unable to view SSN information creates an API token, its API token will be unable to access SSN details as well. If greater visibility is needed the role’s field group bundle permissioning must be changed.