HRIS Implementation Milestone: Roles and Permissions

This article explains the best practices and the steps implemented during an HRIS roles and permissions call for an Implementation Consultant.

 

OVERVIEW

The Roles & Permissions HRIS configuration call and milestone should consist of reviewing how to configure, use and customize access roles and field group bundles in the system. This call should also include testing access role permissions and assigning access roles to employees. 
 

BEST PRACTICES  

Implementation Consultant (IC):

  • Lead the call and refer back to client’s HRIS Design Guidebook.

  • Confirm that the client has completed the associated Namely Learning courses.

  • Set the agenda for the call and review key takeaways.

  • Guide client following the agenda set for the call. The client should share their screen so they learn to navigate Namely.

  • Answer and ask any outstanding questions that either the client or consultant may have.

  • Reference recorded resources to prepare for the call and understand what the discussion should entail.

  • Leave the call knowing that the client feels confident in navigating the platform.

 

Project Lead (PM) optional to attend:

  • Support the IC and the client as needed on the call. 

  • Answer and ask any outstanding questions that either the client or consultant may have.

 

Namely Project Team (DSC / BAC / PC / TC):

  • Does not need to attend the overview call, but should be aware that it is occurring.

 

PROCESS STEPS

Implementation Consultant (IC):

  • Confirm if the client has Namely Now or Namely Plus in their agreement.

    • Namely Now: The IC may support the configuration of the Six Best Practice Access Roles (HR Admin, Payroll Admin, C-Suite, IT Operations, Manager, Employee). Refer back to the client’s design guidebook to consult on the Roles & Permissions configuration accordingly. 

    • Namely Plus: The IC may support the configuration of up to ten custom roles; this should be a more hands on approach of pre-configuring roles based on the design guidebook prior to the call.

  • Refer back to the HRIS Design Guidebook and review the agenda for the call:

    • How to make changes or updates to an access role.

    • How to clone an access role or rename an access role.

    • How to make changes or updates to field group bundles.

    • How to test permissions via View as function.

    • How to make changes or updates to Data Analytics Permissions.

    • How to import access role assignments.

  • After confirming the agenda, have the client share their screen and navigate to Company Settings (via Company Settings > Roles & Permissions) to walk through how to manage access roles.

    • Review the standard access roles that are available in the site and the primary use case.

      • Emphasize that no modifications can be made to the Administrator access role and this should be assigned conservatively to the users that need full access to the HRIS site.

      • Remind the client that our best practice for creating any additional role is to clone the employee or manager's access role and build it from there based on the specific permissions required.

      • Reiterate that the names of access roles can be changed at any time.

  • After that, have the client select Edit next to one of the access roles so you can walk the client through how to customize the permissions in a particular role.

    • Show the client where they can find Definitions of Access Role Permissions in the Help Community so they understand all of the possible permissions available.

    • Briefly review each section of the access role and describe its main functionality along with best practices.

      • For Global General Permissions, point out that these permissions are out of the box site-wide permissions for users to make minimal changes to intended functionalities.

        • We recommend limiting the permission Send Files to Support since this role allows someone to see all employee data that has been exchanged in the secure file exchange.

      • For Global Company Settings Permissions, emphasize that these permissions are related to the access available under Company > Settings.

        • We recommend only assigning these permissions as needed to users that handle any configurations.

      • For Scoped Permissions, be sure to point out that these permissions would allow for additional scoping if there were intricacies of visibility that need to be set up, otherwise these are set up to work out-of-the-box.

        • We recommend pointing out that the Ability: assume users should be rarely assigned to anyone not in an Administrator role due to the fact that they will be able to view the site as any user that falls under this scoping.

      • For Field Group Bundle Permissions, emphasize that this is where the configuration of profile field access takes place.

        • Make sure that the client understands how to connect an appropriate field group bundle to the access role in a read, edit, or request ability.

  • Next, have the client navigate to Field Group Bundles (via Company > Settings > Field Group Bundles) and have the client click through the field group bundles for the Basic AllBasic Edit SelfBasic Read Self, and Basic Request Self bundles. Confirm with them that they understand how to make the necessary changes on the grid.

    • Make sure that for the profile field eSignature Agreements, both selections Basic Read Self and Basic Edit Self are checked off so employees can properly sign off eSignature documents,

    • Clarify with the client that Edit access to profile field Time Off Request should only be given to HR Admins since this allows accrual balances to be updated as well.

  • After that, have the client review the Analytics permissions (Company > Settings > Analytics Permissions) and make sure that they understand the default scoping as well as how they can continue to customize a particular access role to have access to the field group bundles.

  • Have the client navigate to an employee profile and show them how to change an access role directly from the profile and use the View As button to view the site as a particular user.

    • Emphasize to the client that using View As is recommended to test out each access role once they are assigned in order to confirm that they are functioning as intended.

    • From there, confirm if the client would like to make access role assignments on their own or if they would prefer an upload.

    • If the client wants to upload access role changes, walk them through how to create it and provide a report that includes email addresses and current access role assignments. Upload this report to their Support Files so they can review and complete any changes prior to the re-upload.

    • Show the client how they can filter on the People tab to find employees based on their current access role.

  • Depending on time, we recommend showing the client how to use the Audit Reports option found on the homepage to manage any changes to access role permissions, assignments, or field group bundles.

  • Refer to the HRIS Design Guidebook and review the next steps for the client:

    • Ensure employees are assigned with their appropriate access roles within five business days.

    • Use the View as function to audit access role permissions.