User Access via Authorization Roles

Each user is assigned one or more authorization roles. Roles control the following:

• The actions, screens, and fields a user can access.
• The level of control a user has of the elements they can access.

  Read access	Users can view information but cannot make any changes. Read access to specific fields are grayed out.
  Create access	Users have authorization to add new records. The Add action button is visible in the left pane to add a new record.
  Edit access	Users can update existing records, and add or change information.
  Delete access	Users can delete existing records. The Delete and/or Delete Selected action buttons are visible in the left pane.

• The organization units, employees, pay codes, special codes, and override codes the user can access, defined as data access.

Employees are assigned roles and data access in one of two ways:

• Inherited through the role assigned to their home labor distribution through the Configuration section > Organization Unit card > Organization Unit screen > Roles section screen.
• Assigned directly to the employee in the Employee section> Employee record > Roles screen.

  Note: If an employee is assigned more than one role, and the level of access to a particular element conflicts, the employee is granted the role with the HIGHER access level unless the data access is set to Denied. Data access that is denied will override any granted access for that record, and for any organization unit children of that record. For more information, see the Employee Record > Data Access screen.

You can also deny data access to pay codes and special codes by assigning pay code and special code exclusions to unions. The data access associated with an employee's union trumps all other data access associated with their roles.