Employee Record - Roles

Employees inherit the Roles that are assigned to the employees' home organization levels in the Organization Unit screen>Roles section. At the employee level, additional roles for this specific employee can be added.

• Higher access roles, such as Administrative or Supervisor roles can be assigned to the individual employee.
• Employees can be given a role that allows them to access the Notifications feature, even if their Primary Home organization unit does not have this role assigned to employees.

Access to notifications can be denied for certain employees who inherit access through their home organization unit.

To add a new authorization Role to an employee, complete the following steps:

1. With the employee record open, click on the Roles button in the employee Actions pane.
2. Click on the Add button in the left pane to open roles configuration screen.
3. Select the Classification from the drop down menu. To access standard roles configured in the system, select the Standard option. The other options (Customer, User Defined and Replicated) display customized roles assigned to the corresponding classification.

   Determines the type of system classification (for example, Standard, Customer, User Defined, or Replicated).

4. Select the appropriate Authorization Role Code from the Field Look Up Values. The options that display here depend on the Classification selected.

   Role code that determines which screens and processes the users have access to, and the level of access.

5. The Denied field defaults to No.

   Indicates whether the user should be denied permissions to the role at this level (Yes/No). When the Denied field is set to Yes, this overrides any inherited role for this user and removes data access.

   An inherited role is an authorization role that is indirectly assigned to an employee. This role is set up on any level of the Organization Unit screen>Roles section, and is automatically assigned to all employees whose Home labor distribution matches any of the levels of the organization unit. For example, if an employee belongs to a home labor distribution of Corporation A/Facility 1/Department 304/ Unit 1, he or she will "inherit" all the roles set up in the Organization Unit screen for Corporation A and for Facility 1 and for Department 304 and for Unit 1. An inherited role can be overridden at the employee level by assigning the employee the same role but with a different level of access (grant, deny or pass through).

   Note: Inherited roles are not listed in the Roles screen in the employee record. They can be viewed in the employee record on the TCS screen>Employee Authorization Information card.

6. Save the record.
7. Select the Data Access button from the Actions pane.
8. Select the appropriate Role assignment from the options listed below. Click on the link to view details on configuration of these options. Note: The results of the Request to Work search are based on the employee's position permissions and are not limited to the organization units set up on the Data Access screen.

   Profile permissions means that an employee has a position in their employee Labor Distribution record that matches one of the positions authorized to work the profile. Profile permissions is used in scheduling and also with the schedule assistant call off/call in wizard.

   For more information, see the Configuration section>Labor Distribution card>Profile.

   Add Employee Access Select the Add Employee Access button to open a screen to add or deny access to individual employees. The Employee Search criteria is available to search for one or more employees using the Basic or Advanced search options. After entering values in the selected fields, click on the Search button. The results are listed below the search screen. By default, the boxes to the left of each record are checked to select all records. Additional searches with different filter options can be run to add to the selected record results set. To de-select one or more record, click on the box to the left of the record to remove the check mark. To de-select all records in a specific search result set, click on the box above the search results to remove all check marks. Select one of the employee records to load all the selected records. All selected employee records are added to the Individual Employee Assignments list with a default access level of Grant. To deny access to one or more employees, click on the expand arrow to open the record and change the Classification field to Deny. Denying access to selected employees on this screen will override access to those employees which is set up on the Add Emp - Org Unit Access screen.

   Opens a search screen to add or deny access to specific employees.

   Add Emp - Org Unit Access The Add Emp - Org Access button opens a screen to add or deny access to employees in specific organization units for the user. For example, a user may be granted access to employees in all departments in a facility through the organization unit role. To remove access to employees of a single department, search for the department in this screen and set the access to Deny. To grant access to a specific organization unit and all organization units below it, click on the Add Emp - Org Access button. Enter the values in the organization unit fields through that organization unit level. In the Classification field, select Grant from the drop down menu. The system allows Pass Through access for all parent structure levels above the Granted organization unit, so the user can retrieve the lower organization unit options. In the example to follow, the user is given Pass Through access to structure levels 1-5 so that he or she can access the Level 6 structure option of "Medical". Click on the Save button. To grant access to employees in all organization structure levels, click on the Add Emp - Org Access button, but do not enter information in any of the organization unit fields. Click on the Save button. To remove access to employees from a single organization unit, click on the Add Emp - Org Access button and enter the values in the organization unit fields down to that organization unit level. In the Classification field, select Deny from the drop down menu. Click on the Save button. To remove access from a single employee within an accessible organization unit, click on the Add Employee Access button. Search for the employee to remove access from and check the box to the left of the name to select him/her. In the Classification field, select Deny from the drop down menu. Click on the Save button.

   Opens a search screen to add or deny access to all employees in specific organization units.

9. Click on the Save button to save this role record.

   Note: The Roles screen only displays roles assigned to this employee at the employee level, and not those assigned at the organization unit level. To view all role assignments for this employee, open the TCS screen and view the Employee Authorization Information card>Role tab. To view the employee's access to features and the roles granting that access, view the employee's Policy tab.

   Note: If an employee is assigned more than one Role, when accessing a screen or organization unit that has conflicting levels of access within the roles (e.g. read only, edit), the employee is granted the role with the HIGHER access level.

To remove an authorization role from an employee, complete the following steps:

1. With the employee record open, click on the Roles button in the employee Actions pane.
2. Click on the Add button in the left pane to open roles configuration screen.
3. Select the Classification from the drop down menu. To access standard roles configured in the system, select the Standard option. The other options (Customer, User Defined and Replicated) display customized roles assigned to the corresponding classification.

   Determines the type of system classification (for example, Standard, Customer, User Defined, or Replicated).

4. Select the appropriate Authorization Role Code from the Field Look Up Values. The options that display here depend on the Classification selected.

   Role code that determines which screens and processes the users have access to, and the level of access.

5. Set the Denied field to Yes.

   Indicates whether the user should be denied permissions to the role at this level (Yes/No). When the Denied field is set to Yes, this overrides any inherited role for this user and removes data access.

   An inherited role is an authorization role that is indirectly assigned to an employee. This role is set up on any level of the Organization Unit screen>Roles section, and is automatically assigned to all employees whose Home labor distribution matches any of the levels of the organization unit. For example, if an employee belongs to a home labor distribution of Corporation A/Facility 1/Department 304/ Unit 1, he or she will "inherit" all the roles set up in the Organization Unit screen for Corporation A and for Facility 1 and for Department 304 and for Unit 1. An inherited role can be overridden at the employee level by assigning the employee the same role but with a different level of access (grant, deny or pass through).

   Note: Inherited roles are not listed in the Roles screen in the employee record. They can be viewed in the employee record on the TCS screen>Employee Authorization Information card.

6. Save the record.