Authorization to Approve, Deny, or Cancel a Request
Issues: Users assigned to a role do not have the required access to approve, deny or cancel a request--or assigned users have access to one or more functions they should not.
Troubleshooting Tips:
Users are able to Approve, Deny, Cancel and/or Delete a request if the proper authorization is set up on the related request screen. This access can be added or removed from a role.
Check the Employee record>TCS screen>Employee Authorization Information Card to view the policies assigned to an employee, and to determine the role granting access to that policy.
The Employee Authorization Information card displays the policies and roles assigned to an employee. This card is found in the TCS screen in the employee record.
Note: If this card is not visible, it can be added to the TCS by going under the Preferences section>My Preferences card>Time Card Screen and dragging the Employee Authorization Information card to the Selected column.
- Run the Authorization Control report for the specified role to view the details, including the level of override allowed. Below is a screen print of the attributes of the SS Supervisor role.
- If users do not have the required function access:
- The user can be assigned to another role with the required functionality access. More About Adding An Employee Role
- An existing non-standard role can be updated to grant the required access. More About Updating an Existing Role
- Remember that any changes to a role will update the access for ALL employees assigned to that same role.
- Standard roles cannot be edited--a new role must be created and modified.
- A new role can be created which has the required access and assigned to the user. More About Creating New Roles
New roles can be created by adding a role or by replicating an existing role that has most of the required attributes, and then modifying it to change the access.
- For more information on creating a new role, see Steps for Creating a New Role.
- A replicated role can also be replicated again, and modified to create another role with different attributes. For more information on replicated roles, see Steps for Replicating a Role.
Setting the Access for Request Status Updates:
- In the example below, the Education Transactions screen is being set for users to be able to Approve, or Deny records. They are not allowed to Cancel a record.
- From the Configuration section>System card, open the Roles screen.
- Search for and open the record to be updated, or create a new role.
- Click on the Authorization Controls button in the left pane.
- Expand the folders in the Authorization Policy Hierarchy to find the screen or policy to be updated. Note: In order to access a specific screen, the user must grant access to each of the levels above the selected screen. In the example below, the users are first given access to the Action Section, then the Approval Card, then Education Requests, and finally Education Transactions. More About Setting up Access to Parent Structure Levels
The steps to set up the access to parent structure levels are as follows:
- From the Configuration section>System card>Roles screen, locate and open the Role record to update.
- Select the Authorization Controls button in the left pane to access the Authorization Policy Hierarchy tree.
- In the Authorization Policy Hierarchy tree, highlight the Root level. The Section options are displayed in the right pane.
- For the parent Section record, click on the Add button to add this policy to the role. The button action is changed to Remove. In the example below, the Configuration Section is made accessible to this role.
- In the Authorization Policy Hierarchy tree in the left pane, highlight the parent Section option. The related Card options are displayed in the right pane.
- For the parent Card record, click on the Add button to add access to this card to the role. The button is changed to Remove. In the example below, the Assignments Card is made accessible to users in this role.
- In the Authorization Policy Hierarchy tree, highlight the parent Card of the policy to be viewed. The related Screen options are displayed in the right pane.
- For the parent Screen record, click on the Add button to add access to this card to the role. The button is changed to Remove. In the example below, the Holiday screen is made accessible to users in this role.
- To set the access for each function, click on the Add or Remove button to the left of the record. Clicking on this button alternately adds or removes access to this function.