How Are Security Permissions Set?

 

Giving the right level of permission to your employees and managers is crucial to allow for the most effective use of the Flare platform.

A user’s security permissions - what they are able to do and see within the platform - and menu access - what items they have visible in the sidebar - is dependent on their membership of one or more permission groups. A permission group defines the individual security permissions and menu access for any employees that are a member of that group.


You may export your current permission setup by navigating to Settings > Security and clicking Export settings.

 

Note: It is important to take care when working with permission group set up, as this can have a significant impact on the use and access of your system. Please contact Support should you be unsure.  

 

Adding and Removing Users to a Permission Group

 
An employee can belong to one or more permission groups, with their individual set of permissions and menu access determined by the highest combination available from the groups they belong to. Every active individual within the platform automatically belongs to the everyone permission group. This is the default set of permissions account-wide and acts as the based line for security permissions.

To add or remove a user to a permission group and provide them with that groups permissions and menu access:
 
  • Navigate to Settings > Security.
  • Select the permission group you would like to add/remove members to in the permission group dropdown.

    image.png
  • Select the Members tab and using the Work groups, People, or Legal entity inputs add or remove members of this group

    image.png

    Note:
    • It is not recommended to add membership by legal entity unless you’re extremely certain. This would provide the permissions and menu access to all members of the legal entity selected.
    • You are unable to change the membership of the everyone permission group as all employees belong to this permission group automatically.

  • Click Save to save any changes made

    image.png
  • To validate that your permission group only includes the members that you intend click the Show member button to bring up a list of permission group members and how they have been added.

    image.png

Adjusting the Menu Access for a Permission Group

 
Each permission group has a tab for menu access, which determines what menu items are hidden or visible on the sidebar. The menu access does not determine whether an menu items is accessible or not, but simply whether the item should be hidden or visible on the sidebar and must be setup/removed in conjunction with the permission group’s permissions.

To add or remove a menu visibility for a permission group:
  • Navigate to Settings > Security.
 
  • Select the permission group you would like to add/remove members to in the permission group dropdown.

    image.png
  • Select the Menu access tab and check or uncheck the menu items you would like available as part of membership of this permission group.

    image.png

  • Click Save to save any changes made

    image.png
Note:
  • If you adjust the menu access to hide certain menu items, but it still doesn’t remove for a permission group member, it is likely that the user also belongs as a member to other permission groups that do provide access.
  • If you adjust the menu access to show certain menu items, but this still doesn’t appear for a permission group member, it is likely that the user doesn’t have the underlying permissions to access these pages.
  • If you adjust the menu access to hide certain menu items, but the permission group member still has permissions to access this information, the menu item will still be accessible (such as by URL).

Setting the Permissions for a Permission Group

 
Each permission group has a set of permissions, determining what a member of this group can do and see within the platform. Given the complexity of permissions and the potential impact changing a permission can make, it is generally advised to contact support for any changes required.
Each permission may be set to either View, Change or None OR Yes or No, depending on the individual permission.

image.png
 
Column Name Column 2
View / Change / None
View
Gives the user view/read-only access
View / Change / None
Change
Gives the user view access as well as change/edit access
View / Change / None
None
Does not give the user any access to view or change
Yes / No
Yes
Gives the user permission
Yes / No
No
Does not give the user permission

Permissions are generally categorised as either Secure OR Standard and Global OR People.
image.png
Column 3 Column 1 Column 2
Standard / Secure
Standard
Permissions that control basic functionality and information on the platform. e.g., Adding documents, changes to employees' basic details.
Standard / Secure
Secure
Permissions that control sensitive employee data or account information/processes. e.g., employees’ salaries or access to changing the Organisational Chart.
Standard / Secure
People
Permissions that are directly related to employees, e.g. the ability to view/change an employee's profile or the ability to submit a leave request.
Global / People
Global
Permissions that do not relate to specific employees, but rather apply to actions affecting the entire platform. e.g. the ability to create an employee and the ability to change Announcement settings

People permissions are generally divided into 5 targets, Self, Direct reports, Reporting line, Team and Entity/All.  Global permission will always be All.

image.png
Column 1 Column 2
Self
What the user can do/see on their own profile
Direct reports
What the user can do/see on the profile of an employee who directly reports to them
Reporting line
What the user can do/see on the profile of an employee who is in their downwards reporting line (e.g. a regional manager in relation to their store manager’s employees)
Team
What the user can do/see on the profile of employees who they are a team leader of
All
What the user can do/see on all employees’ profiles


Restricting a Permission Group to a Legal Entity

 
If you would like to limit a permission groups ability to see and perform actions across All employees within a legal entity, rather than account wide, this may be done by creating a legal entity restricted permission group. An example of this may be allowing employees to add employees for one legal entity, but not another.

On completing this the All column will change into Entity as these are permissions applied against the entity rather than all profiles.

image.png
 
Note:
  • Not all global permissions are able to be converted into legal entity restricted permissions. As such when you change a global permission group be legal entity restricted these permissions will be deleted.
  • As some global permissions may still be needed for certain actions, you may need to create an additional permission group with the same members of your legal entity restricted permission group that provided these required permissions.
 
To limit a permission group to a legal entity:
  • Navigate to Settings > Security.
  • Select the permission group that you would like to restrict to a legal entity in the permission group dropdown.

    image.png
  • Select the legal entity that you would like to restrict the permission group to

    image.png
  • Confirm that you would like convert the permission group from a global permission group into a legal entity restricted group.

    image.png

  • Click Save to save any changes made.

    image.png

Creating New Permission Groups

 
If required you may create additional permission groups to create differing levels of permissions and menu access than those currently setup.
 
Note: It is generally recommend to keep the number of permission groups down to as few as possible to prevent confusion in their use and maintenance.
 
To create a new permission group:
  • Navigate to Settings > Security.
  • Select the a pre-existing permission group from the permission groups dropdown that is most similar to the new permission group you would like to create and click Add new to clone it’s permissions and menu access to a new group.

    image.png

  • Enter the name of your new permission group and configure the Permissions, Menu access, and Members appropriately as required.

    image.png

  • Click Save to save any changes made

    image.png

 

What’s next?

Ready to make some changes? Learn more about navigating and setting up Permissions here.

 

Was this article helpful?
5 out of 7 found this helpful
Have more questions?
Submit a request