Permission levels determine what each staff member is able to view and edit in Workforce.com.
The default permission levels are Admin, Manager and Employee.
Admin
Admins can access everything in Workforce.com and can also assign permissions to other staff.
Manager
Managers can manage the schedules, timesheets and leave for teams that they are a Manager Of.
Employee
The Employee permission gives the ability to record worked hours, submit leave applications and be scheduled in Workforce.com. This is the permission required for anyone who uses Workforce.com for their own employment.
Employees are allocated to teams that they work in. The teams and employee ‘Works in’ determines where they can be scheduled, and which managers will be able to manage those employees.
Admins or Managers who also use Workforce.com for their own employment will also need the Employee permission level assigned in addition to their manager or admin permission level.
The below table is a summary of the main differences between the permission levels:
| Admin | Manager | Employee |
Can have timesheets | ❌ | ❌ | ✅ |
Can be scheduled | ❌ | ❌ | ✅ |
Edit organization settings | ✅ | ❌ | ❌ |
Assign user permissions | ✅ | ❌ | ❌ |
Edit schedule | ✅ | ✅ | ❌ |
Approve leave | ✅ | ✅ | ❌ |
Approve timesheets | ✅ | ✅ | ❌ |
Customize default permission levels
What each permission level can do can be customized under Settings > Permissions. Examples of actions you can restrict include:
The ability to see costs
The ability to approve leave
The ability to edit / approve timesheets
The ability to see the full schedule / leave calendar for a Team or Location
The ability to enter Time Off.
Advanced permissions customization
You can create and edit permission levels. To see how, refer to the Customize permission levels guide.
Granting account access
New staff gain access to Workforce.com via an invitation email. If the blue 'Invite to Workforce.com' button is visible on the employee profile, that means this employee is yet to be sent an invitation to join the Workforce.com account.
Removing Account Access
Account access is removed by deactivating the employee profile or clicking 'Unlink Workforce.com profile' under the email field of a profile.
Best practices for managing security and privacy
Consider who has visibility of employment records now, and match these people to the correct Workforce.com permission level.
Test the impact of changes to permission level structures by having an admin select 'see Workforce.com as' in profile circle drop down to confirm what the role is able to see and do in the account.
When any permissions are added or removed from a user, an audit trail will be left below the employee profile detailing when the change was made, and who made the change.