Steps for Denying an Inherited Organization Unit Role
Roles that are assigned to an organization unit are inherited by all the 
child organization units. If specific organization units should not have this role, it can be denied at any level.
A child organization unit is one that exists at a structure level in line below a parent organization unit. Organization units are parents of all organization units in structure levels in line below it and children of all organization structure levels in line above it.
To view a diagram of these relationships, see More About Parent/Child Relationships.
For example, the SYS General Employee is usually assigned at the highest organization unit level. But if an organization unit is created that will not use Time and Attendance and Staffing and Scheduling, the role can be denied for that organization unit and its children.
To deny an authorization role for a specific organization unit
- From the Configuration section>Organization Unit card>Organization Unit screen, open the organization record to be updated.
- Click on the Roles button in the left pane to open the roles assignment screen.
- Select Add to add a new record.
- Select the Classification and Authorization Role Code that match the role that is to be denied.
Role code that determines which screens and processes the users have access to, and the level of access.
Determines the type of system classification (for example, Standard, Customer, User Defined, or Replicated).
- The Denied field defaults to No. If this role is being denied to the employees of this organization unit, change this value to Yes.
Indicates whether the user should be denied permissions to the role at this level (Yes/No). When the Denied field is set to Yes, this overrides any inherited role for this user and removes data access.
An inherited role is an authorization role that is indirectly assigned to an employee. This role is set up on any level of the Organization Unit screen>Roles section, and is automatically assigned to all employees whose Home labor distribution matches any of the levels of the organization unit. For example, if an employee belongs to a home labor distribution of Corporation A/Facility 1/Department 304/ Unit 1, he or she will "inherit" all the roles set up in the Organization Unit screen for Corporation A and for Facility 1 and for Department 304 and for Unit 1. An inherited role can be overridden at the employee level by assigning the employee the same role but with a different level of access (grant, deny or pass through).
Note: Inherited roles are not listed in the Roles screen in the employee record. They can be viewed in the employee record on the TCS screen>Employee Authorization Information card.
- Save the record.
- A record now is displayed in the grid with a check mark in the Is Denied column to indicate this role has been denied. Note: Only roles that are assigned at this organization unit level are displayed in the grid. Inherited roles are visible in the Roles screen of the organization unit where they were assigned.
To deny an employee an authorization role inherited through the organization unit screen
- Click on the Employee button in the tool bar.
- Using the Employee Search screen, locate the employee whose role is to be updated.
To view inherited roles, from the Employee Sections, select the TCS screen. Open the Employee Authorization Information card, then select the Role tab. All the roles assigned to the employee are listed, including the source where they were assigned.
- Select the Role option from the Employee Sections in the left pane and click on Add.
- Enter the Classification and Authorization Role Code for the role that is to be denied.
Determines the user's authorized access to screens and fields in the application.
The roles displayed in the Field Look Up Values, and the access allowed by each role, are set up under the Configuration section > System card > Authorization Role screen.
Determines the type of system classification (for example, Standard, Customer, User Defined, or Replicated).
- Set the Denied field to Yes.
Indicates whether the user should be denied permissions to the role at this level (Yes/No). When the Denied field is set to Yes, this overrides any inherited role for this user and removes data access.
An inherited role is an authorization role that is indirectly assigned to an employee. This role is set up on any level of the Organization Unit screen>Roles section, and is automatically assigned to all employees whose Home labor distribution matches any of the levels of the organization unit. For example, if an employee belongs to a home labor distribution of Corporation A/Facility 1/Department 304/ Unit 1, he or she will "inherit" all the roles set up in the Organization Unit screen for Corporation A and for Facility 1 and for Department 304 and for Unit 1. An inherited role can be overridden at the employee level by assigning the employee the same role but with a different level of access (grant, deny or pass through).
Note: Inherited roles are not listed in the Roles screen in the employee record. They can be viewed in the employee record on the TCS screen>Employee Authorization Information card.
- Save the record.
- The denied Authorization Role is now listed in the grid with a check mark in the Is Denied column.
