Steps for Adding a New Authorization Role

Creating a New Authorization Role:

1. From the Configurations section>System card select the Authorization Role screen.
2. Click on the Add button to add a new role.
3. Enter a short, alphanumeric Code to identify this role, and a Description to describe it.

   The label describing this authorization role.

   The alphanumeric short name or abbreviation identifying this authorization role.

4. In the Self Assignment field, indicate whether employees with this role have access to their own record, even if they don't have access to other employees in the organization unit.

   Indicates whether employees are able to access their own employee record, even if they do not have access to any of the organization authorization levels associated with their employee record (Grant/Deny).

5. Indicate whether this role is Active (Yes/No).

   Indicates whether this is an active Authorization Role which can be assigned to users (Yes/No).

6. In the Is Deny Access Overrideable field, indicate whether the inherited Data Access can override direct denied access.

   Indicates whether the inherited Data Access can override direct denied access. (Yes/No).

7. In the

   Is Available Externally

   field, select whether the role can be used when a web server is defined as an external web server.
8. Save the record.
9. The Authorization Control button is now enabled. Select this button. In the left pane, the Authorization Policy Hierarchy shows the different section and screen options, displayed in a tree view.
10. Highlight the Root level in the left pane.
11. The right pane displays all the options below the root level, including all the sections that are displayed on the tool bar.
12. For each option that should be assigned to this role, click on the Add button to the left of the record. This button is now changed to Remove. Note: Assigning access to the sections allows the users to view and select the section icons in the tool bar. This access is required in order to access the cards and screens under the section.
13. If the role is to include any action policies, highlight the Actions Section level in the Authorization Policy Hierarchy. A listing of all the cards options in the Action section is displayed.
14. Click on the Add button of each card that this role should have access to. The button is now changed to Remove. Note: Adding access to the cards allows the employees to view and select the cards in the section screens.
15. In the Authorization Policy Hierarchy, highlight a card that the user should have access to. All of the screens within the card are displayed.
16. For each screen the user should be able to access, click on the Add button. The button now changes to Remove.
17. Some of the screens do not need any additional configuration. For example, the Change Password and Change PIN authorizations give the user execution rights to these functions.
18. Other screens need additional configuration of access levels. Click the card arrow on the record to open and view the details.
19. On the General tab, for each level of access, select Yes or No to indicate if users should have that level of access for the general record.
20. If there is a Field tab, click on that to configure individual fields.
21. The check boxes indicate the level of access granted for each of the listed fields. The settings default to the levels set up on the General screen, but any of the fields can be updated here by checking or un-checking the boxes.
22. The Exclusion Time tab is available on some policies. This opens a screen to configure days and times that the policy is not available to users with this role. For example, employees can be excluded from checking benefit balances during shift change times. For more information on setting up this tab see Configuration section>System card>Roles>Exclusion Time tab.
23. Click on the Save button. The access levels are displayed on the screen.
24. Continue down the Authorization Policy Hierarchy tree, giving access to the Sections, Cards, Screens and Fields (if applicable) that the users in this role should be able to access.
25. Click on the Level Assignments section button in the left pane.
26. Enter the Authorization Level to indicate the level of access for this role (e.g. administrator, supervisor, employee, etc.)

    Determines the authorization level associated with the authorization role (e.g. employee, administrator, supervisor, controller, etc.).

27. Enter the Authorization Level Category (used for supervisor Authorization Level assignments) to determine if the supervisor access should be approver, editor, or read only.

    Determines the level of access associated with the role, usually associated with a supervisor role (e.g. approver, editor, read only).

    Based on this setting, an icon may be displayed on the Time Card Reports and on the Supervisor card in the employee TCS screen.

    	Approver	Approving supervisors have both editing and approving capabilities. The Supervisor may view, edit and approve a report for return to payroll. There may be multiple approving supervisors for any given employee. Approving supervisors are typically those individuals who "sign off" or approve Time Card reports.
    	Editor	Editing supervisors have editing capabilities, but not approving capabilities. An employee may have multiple editing supervisors.
    	Read Only	Read-only supervisors do not have approval or editing capabilities. Read-only supervisors are typically individuals who review reports, but have no need to make any edits to the information.

    Note: Role assignments can be granted to employees either through their primary home organization unit in the Configuration section>Organization Unit card>Organization Unit screen>Roles section or through the Employee section>Employee record>Roles screen.