Configure Access Control & Permissions
Purpose
This article explains how to configure Access Profiles, which define what users can view and edit within the system.
Access Profiles ensure that permissions follow the organization’s governance rules — based on role, responsibility, company access, and data ownership.
Overview
Access Profiles allow administrators to:
- Control who can access specific modules and functionalities
- Set different permission levels (Read, Update, Full, etc.)
- Restrict visibility based on Company or Self Content only
- Assign profiles to multiple users to ensure security and compliance
✅ Proper access configuration prevents unauthorized changes and protects sensitive data.
Access Path
Control Center → System → Access Profiles
Permission Levels
Each Access Profile includes permissions for selected modules and features.
| Level | Meaning | Examples |
|---|---|---|
| Read | View information only | View People or Projects without editing |
| Update | Edit existing data | Modify a Person profile or add Skills |
| Create / Add | Insert new records | Add new job offers or resources |
| Delete | Remove records | Delete outdated files or entries |
| Full Access | All actions (view, create, update, delete) | System Administrator role |
⚠️ Most employee roles should not have Full access — restrict it to HR or Admin roles only.
Access Scope
Defines how widely users can view records:
| Scope | Access Coverage |
|---|---|
| Only Self Content | User sees only content linked to their own record (e.g., employee self-service) |
| Company-Level | User can view/manage data for specific companies |
| Tenant-Wide | Full visibility across all companies in the tenant |
💡 Combine access levels and scope to enforce security and minimize risk.
Permission Groups (Modules & Functional Features)
Access Profile Examples (Recommended Default Set)
| Profile Name | Intended Users | Permissions | Scope |
|---|---|---|---|
| System Administrator | IT / Tenant Admins | Full access to all modules | Tenant-Wide |
| HR Manager | HR Leads | Full access to People, Contracts, Recruitment | Company-Level |
| Talent Manager | Recruitment Leads | Full access to recruitment, Read employees | Company-Level |
| Department Manager | Team & Project Managers | Read People in department, Manage allocations, View project costs | Company-Level |
| Project Manager | Project-assigned managers | Manage project teams and allocations, View limited financials | Company-Level or Only Self Projects |
| Finance Manager | Finance & Controllers | View/Manage salary policies, compensation packs & budgets | Company-Level |
| Employee (Standard) | General workforce | Self-service: view/update their own record | Only Self Content |
| Recruiter | Recruitment team | Full access to Job Offers, Applicants, Interviews | Company-Level |
| Read-Only Viewer | Auditors, externals | View selected modules only | Scope depends on contract |
💡 These examples give customers a fast starting point — they can duplicate and adjust them later.
Access Profiles include permission sets organized by:
| Module / Area | Controls Access To |
|---|---|
| Assortment Planning | Manage Product catalog, Service catalog, Fixed Assets |
| Entities Management | Manage cost centers, departments, suppliers |
| People Management | Recruitment, Career, Compensation Packs, Contracts |
| Sales Management | Opportunities • Clients • Commercial records |
| Projects Management | Project definition • Assignments • Project tasks & milestones |
| Resource Management | Allocations, resource manager |
| Operations Management | Timesheet, Travel request, Billing, Invoicing, Transactions, Account Overviews |
| Insights | Designs, Dashboards |
💡 Some modules, like People Management, include sub-level permissions (e.g., editing only Salary values inside Contracts).
How to Create or Modify an Access Profile
Create a Profile
- Click Add Access Profile
- Enter Name and Description
- Select permissions by module and feature
- Configure access scope (Tenant-Wide / Company / Only Self Content)
- Click Save
Assign Users to a Profile
- Open an existing Access Profile
- Select Users
- Add one or more users
- Save changes
✅ Users immediately inherit the profile’s permissions.
✅ Best Practices
💡 Apply least-privilege principle — only provide the access needed for the role
💡 Create separate access profiles for HR, Operations, Finance, Admin
💡 Review permissions periodically, especially after role or scope changes
💡 Protect high-risk actions (delete, contract access) with restricted profiles
⚠️ Common Errors
| Issue | Solution |
|---|---|
| User cannot see expected data | Check Company Scope and Assigned Profile |
| Too much visibility across the organization | Verify Tenant-Wide is not selected by mistake |
| Missing permission for specific HR actions | Expand module-level permissions (e.g., Contract editing) |
| Profile duplicated accidentally | Rename or merge profiles for simplicity |
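The sketch below is an added example, not part of the product or its documentation. It shows how permission level and access scope combine into one decision, and how a periodic review can flag the problems listed under Best Practices and Common Errors. The Profile model, the function names, the allow-lists and the sample data are hypothetical; the product's real storage or export format is not described on this page.

```python
from dataclasses import dataclass

# Hypothetical in-memory model of an Access Profile (assumption, see lead-in).
FULL = frozenset({"read", "create", "update", "delete"})
SCOPES = ("self", "company", "tenant")  # Only Self Content / Company-Level / Tenant-Wide

@dataclass
class Profile:
    name: str
    scope: str                          # one of SCOPES
    grants: dict                        # module -> set of allowed actions
    companies: frozenset = frozenset()  # only used when scope == "company"

def can_access(p, user, module, action, rec_company, rec_owner):
    """A request passes only if both the level and the scope allow it."""
    if action not in p.grants.get(module, ()):
        return False                    # level check: action not granted
    if p.scope == "tenant":
        return True
    if p.scope == "company":
        return rec_company in p.companies
    return rec_owner == user            # Only Self Content

def review(profiles, tenant_wide_ok=("System Administrator",),
           high_risk_ok=("System Administrator", "HR Manager")):
    """Flag profiles that break the best practices listed above."""
    findings = []
    for p in profiles:
        if p.scope == "tenant" and p.name not in tenant_wide_ok:
            findings.append((p.name, "tenant-wide scope"))
        if p.name in high_risk_ok:
            continue                    # restricted profiles may hold high-risk rights
        for module, actions in sorted(p.grants.items()):
            if "delete" in actions:
                findings.append((p.name, f"delete on {module}"))
            if module == "Contracts":
                findings.append((p.name, "contract access"))
    return findings

# Constructed sample data, loosely following the recommended default set.
SAMPLE = [
    Profile("System Administrator", "tenant", {"People": FULL, "Contracts": FULL}),
    Profile("Employee (Standard)", "self", {"People": {"read", "update"}}),
    Profile("Project Manager", "tenant", {"Projects": FULL, "Contracts": {"read"}}),
]
```

Calling review(SAMPLE) reports only the misconfigured Project Manager profile: Tenant-Wide scope, contract access and delete rights on Projects.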
Related Articles
About People Management
Update Personal Information
Contract – Documents (cross-link for confidentiality management)
Configure Areas, Functions & Categories (cross-link to Career setup)
About Compensation Packs (for security roles affecting payroll and benefits)
✅ Access Profiles ensure users have the right level of access to perform their work securely and efficiently.