Permission groups give you control over what information and functionalities each person in your organization has access to. This is extremely useful for cases where you have different users with different needs in terms of permissions.

Get the most out of Bob

Customizing permission groups is extremely useful for many cases, such as:

  • A Customer Experience employee will also be included in the Managers permission group once they’ve been promoted and gain access to the reports area.
  • A new joiner to the London finance team will automatically join as a site-specific finance team employee for your London office, only giving them access to the relevant information and actions for that role/group.
  • An IT employee will be removed from the IT staff group if they leave the company.

Save time updating participants by automating your permission groups using the condition-based participant selector and ensuring everyone has the correct permissions. See the history of all changes made to each permission group using the audit log.

Before you begin

We have set four default groups already, but you control the permissions so that you can change them to suit your company.

Admins All employees Managers Profile owners
This is the most powerful role with unlimited rights. Be careful with this one - with great power comes great responsibility.
Notes:
  • Only active employees can be added to these permission groups. Custom permission groups can include active and inactive employees.
  • You cannot duplicate or delete the default permission groups, but you may edit them.
  • An employee can be a member of multiple groups at any given time and gain rights from a combination of them.

How to create a custom permission group

Step 1: Create a group

617ba9ddf2630

  1. From the left menu, select Settings > Roles & Permissions.
  2. Click Add another group + or click Manage group to edit an existing permission group.

    Note: You can duplicate or delete an existing custom permission group. Hover over the right-hand side of the permission group tile you wish to duplicate. Click the three-dot menu that appears, then click Duplicate or Delete > Confirm.

  3. Enter a name for the permission group.

    Tip: If you're setting permission groups by location, use consistent naming across groups to find them easily, e.g., HR Admin - London, HR Admin - New York.

  4. In the Select Who's in This Group section, click Select or Edit.
  5. In Conditions, click + Add condition, select conditions in each dropdown menu or select specific employees from the dropdown menu, then click Apply.

    Tip: Use conditions to automate group membership; e.g., by creating a Site equals London condition, all current and new joiners to the London site will automatically be added to the group. You can add as many conditions as you'd like, and all conditions must be met for a person to be included in the permission group.

  6. Click Apply.

Step 2: Set permissions

Your newly created permission group will have all of the permissions switched off by default so that you can safely choose what permissions to include.

Permissions are split into two categories:

  • Other employees: related to employee info across Bob’s features
  • Company: related to configurations and work areas at the company level

Within the categories are different sections associated with the various features, and in each section, various permissions can be enabled or disabled.

617ba9e09f257

  1. In the Other employees and Company categories, select applicable product areas on the left-hand side.
  2. Enable ✔ or disable ❌  each feature type and related permissions.
  3. In the Applies To section, select which employees' information the permission group can access.
    • Select All employees who are marked as Employed in the system.
    • Select by condition by clicking Edit to create a highly targeted list using as many conditions as you like, then click Apply.
    • Select by name by clicking Select to select specific employees by name, then click Apply.

      Note: All conditions must be met for a person to be included in the permission group.

  4. Click Save Changes.
    A summary of the new permission group’s settings will appear for your review.
  5. Click Apply.

    Note: Admins will be notified when new members are added to the permission group.

Use case examples of custom permission groups

You can use conditions like Same as viewer and Is viewer to form groups based on the group members.

Example: Company with multiple locations

For example, if the group members are from London, selecting Site as Same as viewer will allow each group member to view employees only from their London site. Similarly, if the group members are HRBPs, selecting Job title as Is viewer will allow each HRBP to access the employees that each of the group members is their HRBP.

Integrations can be pretty complex for some Admins to do on their own. Set custom permissions for IT so they can set up integrations for all employees.

Example: IT Permission group
  1. Create a custom permission group for IT permissions.
  2. Select the IT professionals you want to give the permissions to, then click Apply.
  3. In the Company category, select Integrations.
  4. Select the sections AutomationCalendar, Collaboration, CRM, PayrollProvisioning, Recruitment, SSO, Storage, and Time tracking & Scheduling, then enable Create, update and delete the integration for each section.
  5. In the Applies To section, select which employees' information the permission group can access. Select All employees who are marked as Employed in the system, Select by condition by clicking Edit to create a highly targeted list using as many conditions as you like, or Select by name by clicking Select to select specific employees by name, then click Apply.

    Note: All conditions must be met for a person to be included in the permission group.

  6. Click Save Changes.
    A summary of the new permission group’s settings will appear for your review.
  7. Click Apply.

You may want to grant HR professionals at each site the ability to add new people to the company and complete the new hire flow, without giving permissions to other Admin capabilities, such as managing company settings.

Example: Recruitment Admins

Instead, create a recruitment admin custom permission group to grant specific permissions to HR professionals.

Notes:
  • These permissions will also be available for the given employee outside the new hire flow.

  • The following steps are examples of how you can grant permissions to non-Admins and automate adding a new hire. Grant permissions specific to your organization’s needs.
  1. Create a custom permission group for regional admins for multiple sites. For example, create a custom permission group for your Tel Aviv office.
  2. Select the regional professionals you want to give the permissions to, then click Apply.
  3. In the Company tab, select People. In the Employees section, enable:
    • Add new people to the company to open the + New hire option in the Directory.
    • Invite people to join Bob to send the new hire Bob invitation within the employee onboarding flow.
  4. In the Other employees tab, select Benefits, then enable Add and manage selected people’s active benefits in the Active benefits section.
  5. Select Docs, then enable:
    • Request eSign for employee in the eSign templates section
    • Request read approval, View selected employee requests, and Manage select employee requests in the Requests section
    • View and Upload selected employees’ docs in the folder in each relevant folder section.
  6. Select Time off, then enable Create and manage selected people's time off requests in the Requests section.
  7. Select Tasks and flows, then enable Trigger task lists for selected people (manually or automatically) in the Task lists section.
  8. In the Applies To section, select which employees' information the permission group can access. Select by condition, click Edit to create a highly targeted list using as many conditions as you like, such as Site and Lifecycle status equals Hired and Employed, then click Apply.

    Note: All conditions must be met for a person to be included in the permission group.

  9. Click Save Changes.
    A summary of the new permission group’s settings will appear for your review.
  10. Click Apply.

How to review permission group changes

View an audit log of all the permission setting changes over time to see what changes have been made.

617ba9e2e6898

  1. From the left menu, select Settings > Roles & Permissions.
  2. Click Manage Group for the permission group you'd like to audit.
  3. At the bottom of the Edit permission group page, click View audit.
  4. Select the Group Members tab to view changes to who belongs to the group, the Permissions tab to view the different permissions enabled or disabled for the permission group and its members, or the Applies To tab to view the employee(s) whose data and/or settings can be accessed.

FAQs

How can I delete a condition for who is in the permission group?
From the left menu, select Settings > Roles & Permissions. Click Manage Group for the permission group you'd like to edit. In the Select Who's in This Group section, click Edit. Hover over the condition you wish to delete, click the trash icon that appears to the right of the condition, click Apply, then click Save Changes. A summary of the new permission group’s settings will appear for your review, click Apply.

How can I remove a specific person from a permission group?
From the left menu, select Settings > Roles & Permissions. Click Manage Group for the permission group you'd like to edit. In the Select Who's in This Group section, click Edit. Click the Specific employees dropdown menu, mark the All checkbox, deselect the employee(s) you wish to remove from this specific permission group, click Apply, click Apply again, then click Save Changes. A summary of the new permission group’s settings will appear for your review, click Apply.

What is the difference between the people chosen in Select who’s in this group and those chosen in Applies to?
The people in Select who’s in this group are those chosen for the permission group you are creating. They will have the permissions you grant them in the Manage permissions section in Roles & Permissions.

The people chosen in the Applies to section are those on which the permission group can view and perform actions.

For example, you create a permission group and choose your HR professionals in Select who’s in this group, enable Request read approval in Docs in the Other employees tab. Select Site equals Tel Aviv in the Applies to section. These HR professionals will only be able to request read approval for docs from employees at the Tel Aviv site, not your London or Amsterdam locations.

Which permissions can I not grant to custom permission groups?
You can create a custom permission group for various groups of people and grant them permissions in the Manage permissions section. However, some permissions are exclusive to the default Admins group, as this is the most powerful group. The admin permissions that you cannot provide to a custom group include:

  • Other employees: View selected people's scheduled reports, View own company shared goals or View own company personal goals.
  • Company: Manage company groups, Manage billing, Enable/disable Bob features for your company, Integrate info from bob with external services (calendars, SSO, etc.), Manage authorization groups and log in as other people, Edit the company's details (name, logo, etc.), Delete the company's profile and all its data, and Change task list owner.