Steps for Replicating an Authorization Role
A replicated Authorization Role creates a new role with all the attributes of the role that was copied. This role can then be modified to customize it. A replicated role can be replicated again and modified.
Complete the following steps to replicate and modify an existing role:
- From the Configurations section>System card select the Authorization Role screen.
- From the Authorization Role Search screen, enter search criteria to find the role to be replicated.
- Click on the folder to the left of the selected role to open the record.
- Click on the Replicate button in the left pane to create a new role with the same attributes as the existing role.
- The Code is automatically entered as "Copy of (name of replicated role)" but this can be updated.
The alphanumeric short name or abbreviation identifying this authorization role.
- The Description defaults to the same description as the replicated role, but this can also be changed.
The label describing this authorization role.
- In the Self Assignment field, indicate whether the employees with this role have access to their own record, even if they don't have access to other employees in the organization unit.
Indicates whether employees are able to access their own employee record, even if they do not have access to any of the organization authorization levels associated with their employee record (Grant/Deny).
- Indicate whether this role is Active (Yes/No)
Indicates whether this is an active Authorization Role which can be assigned to users (Yes/No).
- In the Is Deny Access Overrideable field, indicate whether the inherited Data Access can override direct denied access.
Indicates whether the inherited Data Access can override direct denied access. (Yes/No).
In the Is Available Externally field, select whether the role can be used when a web server is defined as an external web server.
- Save the record.
- The Authorization Control button is now enabled. Select this button. The following screen is displayed. In the left pane, the Authorization Policy Hierarchy shows the different section and screen options, displayed in a tree view.
- Expand the tree to find the Authorization Policy Hierarchy level to be modified. The right pane displays all the options below the root level, including all the sections that are displayed on the tool bar.
- Open the Section or Card to be modified.
- To add additional Authorization Policies, click on the Add button to the left of the policy.
- To remove access to previously assigned Authorization Policies, click on the Remove button to the left of the policy.
- To edit existing Authorization Policies, click on the card arrow on a record to open and view the details.
- On the General tab, for each level of access, select Yes or No to indicate if users should have that level of access for the general record.
- If there is a Field tab, click on that to configure individual fields.
- The check boxes indicate the level of access granted for each of the listed fields. The settings default to the levels set up on the previous screen, but any of the fields can be updated here by checking or un-checking the boxes.
- The Exclusion Time tab is available on some policies. This opens a screen to configure days and times that the policy is not available to users with this role. For example, TimeCall employees can be excluded from checking benefit balances during shift change times. For more information on setting up this tab see Configuration section>System card>Roles>Exclusion Time tab.
- Click on the Save button. The access levels are displayed on the screen.
- Continue down the Authorization Policy Hierarchy tree, editing access to the Sections, Cards, Screens and Fields (if applicable) that the users in this role should have.
- Click on the Level Assignments section button in the left pane.
- Enter the Authorization Level to indicate the level of access for this role (e.g. administrator, supervisor, employee, etc.)
Determines the authorization level associated with the authorization role (e.g. employee, administrator, supervisor, controller, etc.).
- Enter the Authorization Level Category (used for supervisor Authorization Level assignments) to determine if the supervisor access should be approver, editor, or read only.
Determines the level of access associated with the role, usually associated with a supervisor role (e.g. approver, editor, read only).
Based on this setting, an icon may be displayed on the Time Card Reports and on the Supervisor card in the employee TCS screen.
|
Approver
|
Approving supervisors have both editing and approving capabilities. The Supervisor may view, edit and approve a report for return to payroll. There may be multiple approving supervisors for any given employee. Approving supervisors are typically those individuals who "sign off" or approve Time Card reports.
|
|
Editor
|
Editing supervisors have editing capabilities, but not approving capabilities. An employee may have multiple editing supervisors.
|
|
Read Only
|
Read-only supervisors do not have approval or editing capabilities. Read-only supervisors are typically individuals who review reports, but have no need to make any edits to the information.
|
Note: Access to this role can be granted to employees either through their home organization unit in the Configuration section>Organization Unit card>Organization Unit screen>Roles section or through the Employee section>Employee record>Roles screen.
Overriding Schedule Validation Exceptions
Depending on Roles assigned to users, they may be able to override validation messages and continue to add, edit, or approve a schedule. If users do not have the authorization to override the exception, there is no option to continue and save the transaction.
Override access is determined by:
- The Maximum Severity Level override allowed by the user's role
- The Severity Level of the exception message
Maximum Severity Level Override Allowed by the User's Role
Depending on the role assigned to users, they may be able to override the exception message generated when a scheduling rule is violated by adding, editing, or approving a request for a schedule.
The roles are found in the Configuration section>System card>Roles screen.
In the Maximum Severity Level field, indicate the severity level of the validation exception that can be overridden. Severity levels (in order of severity) are Critical, Warning, and Informational. All exceptions with that severity level or below can be overridden for assigned users. For example, if this value is set to Warning, this user can override validation exceptions of Warning and Informational, but cannot override exceptions with a severity level of Critical. If no value is entered in this field, the user cannot override ANY level of exception message.
Severity Level of the Exception
Severity levels for a validation rule are set up on the Configuration section>System card>Exception Value screen, in the Severity Level field. Severity levels (in order of severity) are Critical, Warning, Informational, or None.
Note: The severity level displayed in the warning message may not match the value set up on this screen. If the user is able to override the error, then the level is displayed as Warning regardless of the actual exception definition severity level. If the user is not able to override the error then the level is displayed as Critical regardless of the exception definition.