Permission groups give you control over what information and functionalities each person in your organization has access to. This is extremely useful for cases where you have different users with different needs in terms of permissions.

If you wish to grant extra permissions to specific employees, you will be able to create custom groups of permissions.

Get the most out of Bob

Customizing permission groups is extremely useful for many cases, such as:

  • A Customer Experience employee will also be included in the Managers permission group once they’ve been promoted and gain access to the reports area.
  • A new joiner to the London finance team will automatically join as a site-specific finance team employee for your London office, only giving them access to the relevant information and actions for that role/group.
  • An IT employee will be removed from the IT staff group if they leave the company.

Save time updating participants by automating your permission groups using the condition-based participant selector and ensuring everyone has the correct permissions. See the history of all changes made to each permission group using the audit log.

Before you begin

We have set four default groups already, but you control the permissions so that you can change them to suit your company.

Admins Managers All employees Profile owners
This is the most powerful role with unlimited rights. Be careful with this one - with great power comes great responsibility. 

Notes:
- Only active employees can be added to these permission groups. Custom permission groups can include active and inactive employees.
- You cannot duplicate or delete the default permission groups, but you may edit them.
- An employee can be a member of multiple groups at any given time and gain rights from a combination of them.

How to create a custom permission group

Step 1: Create a group

617ba9ddf2630

  1. From the left menu, select Settings > Roles & Permissions.

  2. Click Add another group + or click Manage group to edit an existing permission group.

    Note: You can duplicate or delete an existing custom permission group. Hover over the right-hand side of the permission group tile you wish to duplicate. Click the three-dot menu that appears, then click Duplicate or Delete > Confirm.

  3. Enter a name for the permission group.

    Tip: If you're setting permission groups by location, use consistent naming across groups to find them easily, e.g., HR Admin - London, HR Admin - New York.

  4. In the Select Who's in This Group section, click Select or Edit.

  5. In Conditions, click + Add condition, select conditions in each dropdown menu or select specific employees from the dropdown menu, then click Apply.

    Tip: Use conditions to automate group membership; e.g., by creating a Site equals London condition, all current and new joiners to the London site will automatically be added to the group. You can add as many conditions as you'd like, and all conditions must be met for a person to be included in the permission group.

  6. Click Apply.

Step 2: Set permissions

Your newly created permission group will have all of the permissions switched off by default so that you can safely choose what permissions to include.

Permissions are split into two categories:

  • Other employees: related to employee info across Bob’s features

  • Company: related to configurations and work areas at the company level

Within the categories are different sections associated with the various features, and in each section, various permissions can be enabled or disabled.

617ba9e09f257

  1. In the Other employees and Company categories, select applicable product areas on the left-hand side.

  2. Enable ✔ or disable ❌  each feature type and related permissions.

  3. In the Applies To section, select which employees' information the permission group can access. Select All employees who are marked as Employed in the system, Select by condition by clicking Edit to create a highly targeted list using as many conditions as you like, or Select by name by clicking Select to select specific employees by name, then click Apply.

    Note: All conditions must be met for a person to be included in the permission group.

  4. Click Save Changes.
    A summary of the new permission group’s settings will appear for your review.
  5. Click Apply.

    Note: Admins will be notified when new members are added to the permission group.

Use case examples of custom permission groups

You can use conditions like Same as viewer and Is viewer to form groups based on the group members.

Example: Company with multiple locations

For example, if the group members are from London, selecting Site as Same as viewer will allow each group member to view employees only from their London site. Similarly, if the group members are HRBPs, selecting Job title as Is viewer will allow each HRBP to access the employees that each of the group members is their HRBP.

Integrations can be pretty complex for some Admins to do on their own. Set custom permissions for IT so they can set up integrations for all employees.

Example: IT Permission group
  1. Create a custom permission group for IT permissions, select the IT professionals you want to give the permissions to, then click Apply.
  2. In the Company category, select Integrations.

  3. Select the sections Calendar, Collaboration, Provisioning, Recruitment, SSO, and Time tracking & Scheduling, then enable Create, update and delete the integration for each section.

  4. In the Applies To section, select which employees' information the permission group can access. Select All employees who are marked as Employed in the system, Select by condition by clicking Edit to create a highly targeted list using as many conditions as you like, or Select by name by clicking Select to select specific employees by name, then click Apply.

    Note: All conditions must be met for a person to be included in the permission group.

  5. Click Save Changes.
    A summary of the new permission group’s settings will appear for your review.
  6. Click Apply.

How to review permission group changes

To see what changes have been made, you can view an audit log of all the permission setting changes over time.

617ba9e2e6898

  1. From the left menu, select Settings > Roles & Permissions.
  2. Click Manage Group for the permission group you'd like to audit.

  3. At the bottom of the Edit permission group page, click View audit.

  4. Select the Group Members tab to view changes to who belongs to the group, the Permissions tab to view the different permissions enabled or disabled for the permission group and its members, or the Applies To tab to view the employee(s) whose data and/or settings can be accessed.

FAQs

How can I delete a condition for who is in the permission group?

From the left menu, select Settings > Roles & Permissions. Click Manage Group for the permission group you'd like to edit. In the Select Who's in This Group section, click Edit. Hover over the condition you wish to delete, click the trash icon that appears to the right of the condition, click Apply, then click Save Changes. A summary of the new permission group’s settings will appear for your review, click Apply.

How can I remove a specific person from a permission group?

From the left menu, select Settings > Roles & Permissions. Click Manage Group for the permission group you'd like to edit. In the Select Who's in This Group section, click Edit. Click the Specific employees dropdown menu, mark the All checkbox, deselect the employee(s) you wish to remove from this specific permission group, click Apply, click Apply again, then click Save Changes. A summary of the new permission group’s settings will appear for your review, click Apply.