Steps to Decrease Access Levels to Certain Employees
When access to an organization unit is granted to a supervisor, there may be certain employees within that organization unit that the supervisor should have a different level of access level for. For example, a supervisor may be granted Editing access an organization unit, but there may be some employees that the supervisor should have Approving access (higher level) and some employees that the supervisor should have Read Only access (lower level).
If a supervisor is assigned more than one level of access to an employee (either indirectly through an organization unit-level assignment or directly through employee-level assignment), he/she is automatically granted the higher level. Therefore, when increasing the access level to certain employees, an additional role with a higher status can be assigned at the employee level. However, when decreasing the access level to certain employees, the existing higher-level access role must first be set to Denied, and then a lower-level access role can be assigned at the employee level. A supervisor may have access to the same employee through assignments at different organization unit levels. Be sure to disable all the organization unit assignments for the employee.
Complete the following steps to decrease the access to specific employees within an assigned organization unit.
Step 1: Disable Existing Access Levels:
Step 2: Enable New Access Levels:
These steps are explained in more detail below:
Step 1: Disable Existing Access Levels:
- From the Configuration section>Employee card, select the Supervisor Assignment screen.
- Using the Employee Search screen, search for and select the Supervisor record to edit.
- Click on the Add Employee Assignment button.
- Select the type of role Classification for this assignment from the drop down menu.
The level of access of this supervisor for the indicated organization unit or employee. Note: These roles must first be assigned to the supervisors through the Roles screen in their employee record. Then the roles are available in the Field Look Up Values.
- Select the Authorization Role Code that identifies the access the supervisor currently has for the selected employees' organization unit.
The level of access of this supervisor for the indicated organization unit or employee. Note: These roles must first be assigned to the supervisors through the Roles screen in their employee record. Then the roles are available in the Field Look Up Values.
- In the Denied field, enter Yes.
Indicates whether access to this employee is denied (Yes/No). This setting can be used to deny access to a single employee (e.g. another supervisor) when the supervisor is given access to an organization unit.
- Click on the Continue button in the left pane.
- The Employee Search screen is displayed to enter criteria to search for the employee records to be included with this assignment. Click on the Advanced button in the left pane to open a screen with additional search criteria.
- Enter Search.
- Check the box to the left of each employee's name to select their record.
- Click on the Assign Selected button to remove the assignment of all the selected employee records to this supervisor.
Note: A supervisor may have access to the same employee through assignments at different organization unit levels. In the screen print below, the supervisor has access to Helen Green at the Department Level 1201.31113 as an Editing Supervisor and at the Unit Level 1201.31113.3 as an Approving Supervisor. Both these assignments must be set to Denied separately. Repeat steps 1-9 above.
Step 2: Enable New Access Levels:
- Click on the Add Employee Assignment button again in the left pane.
- Select the type of role Classification for the new assignment from the drop down menu.
Determines the type of system classification (e.g.standard, customer, user-defined, replicated) of the role.
More About Classification Options
The Classification options are as follows:
|
A record that is core to the system and included for all clients.
|
|
A record that was custom designed for a specific client.
|
|
A record that was created by a user in the system. When a new record is entered in the screen by clicking on the Add button, it is automatically given a status of User-Defined.
|
|
A record that was copied from an existing record, and then updated to change certain settings. When a new record is created by clicking on the Replicate button, it is automatically given a status of Replicated.
|
- Select the Authorization Role Code that identifies the access level the supervisor should now be granted.
The level of access of this supervisor for the indicated organization unit or employee. Note: These roles must first be assigned to the supervisors through the Roles screen in their employee record. Then the roles are available in the Field Look Up Values.
- In the Denied field, enter No.
Indicates whether access to this employee is denied (Yes/No). This setting can be used to deny access to a single employee (e.g. another supervisor) when the supervisor is given access to an organization unit.
- Click on the Continue button in the left pane.
- The Employee Search screen is displayed to enter criteria to search for the employee records to be included with this assignment. Click on the Advanced button in the left pane to open a screen with additional search criteria.
- Enter Search.
- Check the box to the left of each employee's name to select their record.
- Click on the Assign Selected button to add the new assignment of all the selected employee records to this supervisor.
- The employee name is displayed multiple times in the Individual Employee Assignments screen--with each original access set to Is Denied and once with the new assignment.