Setting Read, Create, Edit, and/or Delete Access to Records

Issues: Users assigned to a role do not have the required access to read, create, edit and/or delete a specific record--or assigned users have access to one or more functions they should not.

Troubleshooting Tips:

Users are able to Read, Create, Edit and/or Delete a record if the proper authorization is set up on the related policy screen. For example, users assigned to a role are able to open the Holiday screen and Read records, Create new records, and Edit existing records because the access for these functions are set to Yes. They cannot Delete a record because that function is set to No.

1. Check the Employee record>TCS screen>Employee Authorization Information Card to view the policies assigned to an employee, and to determine the role granting access to that policy.

   The Employee Authorization Information card displays the policies and roles assigned to an employee. This card is found in the TCS screen in the employee record.

   Note: If this card is not visible, it can be added to the TCS by going under the Preferences section>My Preferences card>Time Card Screen and dragging the Employee Authorization Information card to the Selected column.

   • The Policy tab displays the policies (e.g. access to sections, cards, screens, functions) assigned to the employee and the role(s) that grant the employee that policy.
   • The Role tab displays the roles assigned to the employee and whether the role has been assigned directly to the employee (though the employee Roles in the employee record) or indirectly through an organization unit role. If the role is assigned indirectly, the organization unit where the role is assigned is listed in the Organization Unit column.

     Click a role to be taken to the role's configuration screen or click its assignment to be taken to the employee's role screen (Direct) or the organization unit's role screen (Indirect).

2. Run the Authorization Control report for the specified role to view the details, including the level of override allowed.
3. If users do not have the required authorization level for the required functionality:
   • The user can be assigned to another role with the required functionality access. More About Adding An Employee Role
     • To find which roles provide the required authorization capabilities, run the Authorization Control report, found in the Reports section>System card.
     • Assign the appropriate role to the employee through the Employee record>Roles screen. See the instructions on Steps for Adding an Employee-Level Role.
   • An existing non-standard role can be updated to grant the required access. More About Updating an Existing Role
     • Remember that any changes to a role will update the access for ALL employees assigned to that same role.
     • Standard roles cannot be edited--a new role must be created and modified.

   • A new role can be created which has the required access and assigned to the user. More About Creating New Roles

     New roles can be created by adding a role or by replicating an existing role that has most of the required attributes, and then modifying it to change the access.

     • For more information on creating a new role, see Steps for Creating a New Role.
     • A replicated role can also be replicated again, and modified to create another role with different attributes. For more information on replicated roles, see Steps for Replicating a Role.

Setting the Allowed Functionality:

In the example below, the Holiday screen is being set for users to be able to read, edit and create records. They are not allowed to delete existing records.

1. From the Configuration section>System card>Role screen, open the record to be updated, or create a new role.
2. Click on the Authorization Controls button in the left pane.
3. Expand the folders in the Authorization Policy Hierarchy to find the screen or policy to be updated. Note: In order to access a specific screen, the user must grant access to each of the levels above the selected screen. In the example below, the users are first given access to the Configuration Section and then the Assignments Card. The Holiday screen is then available to set up by selecting the Add button to the left of the record. More About Setting up Access to Parent Structure Levels

   The steps to set up the access to parent structure levels are as follows:

   1. From the Configuration section>System card>Roles screen, locate and open the Role record to update.
   2. Select the Authorization Controls button in the left pane to access the Authorization Policy Hierarchy tree.
   3. In the Authorization Policy Hierarchy tree, highlight the Root level. The Section options are displayed in the right pane.
   4. For the parent Section record, click on the Add button to add this policy to the role. The button action is changed to Remove. In the example below, the Configuration Section is made accessible to this role.

      

   5. In the Authorization Policy Hierarchy tree in the left pane, highlight the parent Section option. The related Card options are displayed in the right pane.
   6. For the parent Card record, click on the Add button to add access to this card to the role. The button is changed to Remove. In the example below, the Assignments Card is made accessible to users in this role.

      

   7. In the Authorization Policy Hierarchy tree, highlight the parent Card of the policy to be viewed. The related Screen options are displayed in the right pane.
   8. For the parent Screen record, click on the Add button to add access to this card to the role. The button is changed to Remove. In the example below, the Holiday screen is made accessible to users in this role.

      

4. Open the policy record by clicking the card arrow on the record.
5. For each function, set the value to Yes or No by clicking on the arrow to the left of the field and then selecting the setting.
6. Save the record.