This document relates specifically to the security of Records and specifying different levels of access for different user roles.  Note that there have been no changes to the handling of Field security, which is distinct from the controls used for Records and Documents.

We refer to the access to Records and Documents as Access Rights.  This article is intended to describe how Appogee HR makes Access Rights visible where they have been modified from the defaults that have been specified.  

The screen below shows where Record Security settings are maintained, and specifically draws attention to the “advanced options” setting which has to be specifically set up  to allow Access Rights defaults to be overridden if that is what is desired.


The screen above shows the security settings for records which are to be added to an employee profile category called “Employment, Right to Work”.  As shown, any record added to the user profile will be flagged as Read Only both for the Employee and the Team Manager.  If we want to allow a Team Manager to be able to be able to edit these record we can do so by changing the Access Rights to Read & Edit.  That change will then be applied to all records added to the Employment category.  If, however, you want to allow Team Managers only an occasional ability the Edit a record we need to allow the default setting to be over-ridden, and this can be set via the Advanced Options screen.

Employees never get an ability to override Access Rights, and if advanced options are set then users with the HR role will always have the ability to override Access Rights.  Team Managers also have Editor access they also cannot ever be permitted a permissions override.  Note that, once an over-ride has been set, the Advanced Options section cannot be collapsed.

Once you make changes you need to save them, when you will get a confirmation dialog box making clear what changes you are about to commit:

Now, when we add an employee record for this category, a user with the HR or Team Manager (Editor) role we get an opportunity to change the Access Rights for this specific record by checking the "Override default access" box.

This takes us to a confirmation dialog allowing us to explicitly configure access permissions for this record for either or both of the Employee and Manager(s).

Now we add a Right to Work record for an employee, we make it easier to see the Access Rights for Employees and Team Managers, and make clear where this has been modified from the default.  In our case we have allowed Employees Read and Edit access so the Records tab for the Employment Profile shows our Birth Certificate record and the Employees have higher than default access.  This is flagged with an up arrow next to the Edit access level they have which is flagged with a pencil icon.  The Access keys below explain the meaning of the icons used.

Document security works in a consistent manner.  

Company Docs are classified by Document Type.  Access is configured from the Process Config menu, under Company Document Types where you can specify Document Type Security.

In this example we have a Document Type called Employee Templates to which Employees have Read access and Team Managers have both Read and Edit access.

Advanced options can allow holders of the Team Manager or HR roles to override security on a specific Company Document in the Employee Templates category.