Roles are user rights settings that you can attribute to multiple users.
It allows you to save time and gain safety in managing your different users' access rights.
This article explains the important steps in creating and configuring a role that you will attribute to one or multiple users.
Creating a role
Administration > Managers/Roles > Roles tab
When clicking on the (+) button, you have the possibility to create a role manually but this would imply you entirely revisit your thinking on what perimeters are allowed and what restrictions to give your managers.
That's why we advise you to create your roles directly from an existing role in order to save time and to keep the same perspective you have on giving access to main modules.
When you select to "Create a role from a template", you can then choose amongst your existing roles.
You will only have to name it and check the access to different modules in order to adapt this new role as you wish. This will allow you to, for example, create a restricted role and later a more extended role for senior profiles (i.e. junior sales manager / senior sales manager).
If your list is empty, this would mean you have not created roles yet. But no worries! Our roles library is available to inspire you.
Good to know
Your BoondManager interface offers a few default roles: the Super User manager role as well as 3 Intranet roles (Intranet account - Employee; Intranet account - Freelancer; Intranet account - Subcontractor).
- The Employee Intranet grants, by default, access to the Timesheets, Expenses, and Absences modules.
- The Subcontractor Intranet grants, by default, access to the Timesheets and Expenses modules.
- The Freelancer Intranet grants, by default, access to the Timesheets, Expenses, and My Invoices modules.
Of course, you can modify the default settings if needed and choose the appropriate intranet when activating the intranet for your resources (see the dedicated article here).
Please note that you might find these roles labeled in French by default, feel free to choose the label that suits you best.
Configuring a role
Agencies
When configuring roles, you define for each module the accessible perimeters. In that way, when your interface has multiple legal agencies, you can create a global role then decide that secondary agencies are chosen on each manager card or decide to create specific roles for each agency, in which case you can select to replace secondary agencies with the ones in the configured role.
In each case, managers are always attached to a main agency.
This configuration will allow you to later select "Their agencies" (implying : their main agency and secondary agency/agencies) in their perimeter for accessing modules and therefore allow you to hide some data.
Poles
The same principle is applicable for poles.
Warning: There are no obligations to create poles. Poles simply allow you to separate your activity in another way, other than with agencies, by attaching cards.
In that way, two cards assigned to two different agencies can be attached to one same pole. It allows you to filter by pole in different modules as well as analyse performance by poles in the Reporting module.
Our recommendation
To have coherence in terms of roles, it is preferable to rather create a role that can adapt to the agencies and poles of a manager (except if you encounter a particular case). It is, indeed, preferable to manage agencies and poles through manager cards rather than role cards.
You have the choice to activate or deactivate any module and to, then, click on the cogwheel icon to configure their access.
Generally, for each module you have 3 sections you can configure:
There are also particularities to each module.
Particularities by module
In the Candidates module, you can limit access according to the type of cards but also according to their states.
Excluding cards by specific types
This feature allows you to, for example, hide data that you might deem confidential such as your staff's Candidate cards.
In the example above, this manager will be able to see the list of Candidates and the information listed in this view (such as email and phone number), however, if clicking on a card, the manager will get to a page with access denied.
Excluding cards by specific states
This allows you to, for example, hide data that you might deem confidential such as the Administrative tab that includes the estimated and proposed contract and salary of a future employee.
In the example above, this manager can see all candidates in their list as well as the entirety of their card information except for the Administrative tab and its content when the canditate is in the "Converted into Resource" state .
Restrictions can be combined with one another.
Warning
This does not make the card invisible to the manager with such restrictions in their role. The card will be available in the search list of the module.
Restrictions only apply if the user and their N-1 are not main manager of the cards in question.
Contracts
Access to the contractual data of candidates depends on the access rights and restrictions given in the Card section. In other words, the user can read and edit contracts of candidates whose Administrative tab has "Writing" access.
In the Miscellaneous section, you can also decide to give (or not) your managers access to creating "Proposed contracts".
In the Resources module, you can limit access:
- according to the type of the cards
- according to the state of the cards
- if the resource has a manager account
- if the resource does not have any main manager (generally directors/CEOs)
As well as for candidates, these restrictions can either hide the entirety of information contained in a card or certain tabs only.
Warning
This does not make the card invisible to the manager with such restrictions in their role. The card will be available in the search list of the module.
Restrictions only apply if the user and their N-1 are not main manager of the cards in question.
The CRM module is separated in two sections: companies and contacts.
Authorizations
The perimeter for authorizations in the CRM module has high precision. In that way, you get to define in detail the access rights of your managers according to:
- their main agency and secondary agency/agencies
- their poles
- their business units
- their perimeter and as a main manager, the perimeter of their N-1
- their perimeter and as an influencer, the perimeter of their N-1
As an example, in the following configuration:
The user will be able to:
- have reading access to all "Companies" cards of the group.
- have reading and writing access to all cards that are in their perimeter as a main manager or influencer as well as all cards their N-1 are in charge of as a main manager or influencer.
- have reading and writing access to all cards that have as a manager/influencer a manager from their business unit.
i.e. Michael and Peter are part of the business unit Digital, therefore, with these rights, Michael will be able to read and edit cards that Peter is a main manager/influencer of.
It is also possible to only limit access to manager N-1 if they are a main manager (the user and their N-1 as main manager) or if they are an influencer (the user and their N-1 as influencer).
Did you know?
Cards right can be added up, in that way, you can create a card with extended rights then define rights more precisely in other cards to indicate that your managers have access rights to certain data more than other data.
Tips : duplicating
It is possible to establish different access for companies and for contacts.
This will allow you to give exactly the same access rights on Company cards and on Contact cards, however, you can always edit after duplicating.
As an example, in the following configuration:
We have duplicated the configuration and deleted the card that gives access to all Contact cards of the group. In this way, the user:
- has reading access to all Company cards of the group, as well as reading and writing access to all cards in their perimeter, perimeter of their N-1 and perimeter of their business units
- has reading and writing access only for Contact cards in their perimeter, perimeter of their N-1 and perimeter of their business unit
Viewing and searching rights for opportunities
If you want your user to be able to view all opportunities attached to certain cards (companies, contacts, etc.) without giving them access to viewing the entirety of opportunities in the module's search view, this section is for you.
For example:
Cards access
Access to Positionings depends on the rights given for the Opportunities module in the Card section of the configuration.
- If given access to the "Positionings" group data, the user will be able to view/create positionings on Positionings
- If you need the user to be able to edit positionings, they will need writing access to main data as well
For example, in this configuration, user has reading and writing access to opportunities in their perimeter and the perimeter of their N-1 and therefore, has access to the entirety of positionings of these perimeters and can also create positionings.
Viewing and searching rights for projects
Projects are visible in a few places on BoondManager: the Projects module, from a Resource card (also giving access to deliveries), Projects tab in CRM cards (companies and contacts), Projects tab in Product cards.
That is why in the "Search" section of the configuration, you get to decide to show or hide projects of a specific perimeter or all projects.
That implies: viewing all project cards of the group from each module's search view or from the "Projects" tab of Resources cards for example.
For example:
Tips : duplicating
The Projects module is separated in two sections: projects and deliveries. If your criteria for access rights is the same for the two sections, you can use the duplication feature for searching filters and available views that are in the Search section of the configuration.
This allows you, for example, to give exactly the same access rights to searching in the Projects section and in the Deliveries section. You can also edit the rights after duplication.
Excluding cards by specific states
This allows you to "close" an archived project in order for it not to be edited again.
In the example above, this manager will be able to view the list of projects in their perimeter and view their main data and consumption tabs, however, they will not be able to edit the cards or access the other restricted tabs when projects are in the "Archived" state.
Restrictions can be combined with one another.
Warning
This does not make the card invisible to the manager with such restrictions in their role. The card will be available in the search list of the module.
Restrictions only apply if the user and their N-1 are not main manager of the cards in question.
Search rights
The Activities & Expenses module is divided into a few sections:
- Timesheets
- Expenses
- Absences requests
- Approvals
In these different search views, you can choose what to view and filter inside each section. This allows you to, for example, decide a manager can filter all timesheets of their agency but only the expenses of their N-1.
Tips : duplication
If your criteria for access rights is the same for each section of the module, you can use the duplication feature for searching filters and available views that are in the Search section of the configuration.
This allows you, for example, to give exactly the same access rights to searching in all sections of the Activities & Expenses module. You can also edit rights after duplication.
Cards access
The particularity of the Activities & Expenses module is that having access to its cards depends on the rights given in the Resources module. In the Resources module settings, you get to indicate reading and writing rights on timesheets, expenses and absences requests. In the Activities & Expenses module settings, you define the access perimeter for viewing the list of cards (timesheets, etc.). Therefore:
Depending on the configured rights in the Resources module, in the Card section of its settings:
- The user has reading and writing access to timesheets of resources whose "Timesheets" group they have reading access to or if they is in their approval workflow
- The user has reading and writing access to expenses of resources whose "Expenses" group they have reading access to or if they are in their approval workflow
- The user has reading and writing access to absences requests of resources whose "Absences requests" group they have reading access to or if they are in their approval workflow
Absolute rights of approval
In the Miscellaneous settings of the module, you can choose to select the option: Always allow to validate, invalidate, reject activity & expenses.
If activated, this option allows the user to validate, reject or invalidate instead of another manager, even when they are not in the approval workflow. With this option, they can also validate, reject and invalidate their own activities & expenses documents.
Viewing and searching rights for invoices and orders
Orders and invoices are visible in a few places on Boond: the Billing module, the Billing tab of CRM cards (companies and contacts).
Configuring search rights allow you to filter and search on perimeters that are more or less extended. The option "See all group cards" overrules perimeters in the mentioned views: Billing module (no filters applied) and CRM tabs (companies and contacts).
However, the invoice card will only be accessible to click on if the access rights allow it.
Tips : duplicating
The Billing module is separated in two sections: Invoices and Orders. If your criteria for access rights is the same for the two sections, you can use the duplication feature for searching filters and available views that are in the Search section of the configuration.
This allows you, for example, to give exactly the same access rights to searching for Invoice cards Orders cards. You can also edit the rights after duplication.
Viewing and searching rights
If you want your user to be able to view all purchases attached to certain cards (companies, contacts, etc.) without giving them access to viewing the entirety of opportunities in the module's search view, this section is for you.
For example:
- If nothing's checked: purchases are visible in the relevant tabs within the limits of the authorized values indicated in the settings above
- If some options are checked: all purchases are shown in the relevant tabs, whatever perimeter is indicated in the above settings
Tips: duplicating
The Purchases module is separated in two sections: purchases and payments. If your criteria for access rights is the same for the two sections, you can use the duplication feature for searching filters and available views that are in the Search section of the configuration.
This allows you, for example, to give exactly the same access rights to searching in the Purchases section and in the Payments section. You can also edit the rights after duplication.
Other access rights
In this tab, you can:
- Enable the reportings your manager will have access to
- Configure the search rights of these reportings
In this tab, you have the possibility to configure for multiple options, a few rights.
Dashboard
You can:
- Configure search rights
- Define which charts are available
Actions
On the Actions module, you can configure:
-
search rights of the module
Good to know:
From the Search section, you can go further in allowing to view actions. By enabling these options, you can give access to all actions in cards (candidates, resources, contacts and/or companies) whose "Actions" data group is readable.
- access rights for cards
- miscellaneous rights of a module
Flags
You have the possibility to configure:
Shared searches
In terms of shared searches, you have the possibility to allow your manager to:
- Modify saved searched they have access to
- Share with other managers the saved searches they have access to
Threads
You have the possibility to start a thread of discussion on all cards in modules. Therefore, you get to configure getting access to them.
Warning
When enabling this option, you allow your collaborator to access the entirety of discussion threads for cards they have access to.
Download center
Whenever a document is exported from Boond, it ends up in the Download center.
You get to configure on which perimeter your collaborator can filter and therefore, access the Download center:
- all managers
- managers of their agencies
- managers of their poles
- their managers N-1
- themselves (if everything's unchecked)
Activity history
When enabling this option, you allow your collaborator to access the entirety of history logs, and to see different modifications done by your users on cards or doings such as shares, extractions, etc.
If you enable this option, you can configure searching rights.
Subscription
When enabling this option, you allow your manager to access information regarding your BoondManager subscription and also allow them to download the invoices available there.
Warning!
When enabling one of these sections, you give access to the Administration console for the options enabled.
Managers
When enabling this option, depending on search rights, card access rights and miscellaneous cards, you allow to:
- view the list of managers
- create and configure a manager account or role
- delete a manager account or role
- enable/disable an account
- log on a manager's account
Roles
When this option is enabled, you allow your manager to create roles and configure access rights to different modules.
Legal Agencies
When this option is enabled, the user will have access to the configuration of your legal agencies.
Warning
In this section, for each agency you configure:
- the page footer of your documents
- settings for timesheets, expenses and absences
- contractual and non-contractual advantages
- your bank details, your invoices' reference mask
- etc.
Poles
When this option is enabled, you allow your manager to create poles.
Business units
When this option is enabled, you allow your manager to create business units.
Global settings & translations
When this option is enabled, you allow your manager to create and edit your reference tools.
Warning
Reference tools are shared with all your legal agencies.
Actions templates
When this option is enabled, you allow your manager to create and edit all your actions templates.
Tasks lists
When this option is enabled, you allow your manager to create and edit all your tasks lists.
Shared searches
When enabling this option, you can allow your manager to assign shared searches to:
- all managers
- their managers N-1
Apps / Marketplace
When this option is enabled, you allow your manager to install apps and also to configure their access.
Warning
Some apps can give access to sensitive data (salaries, margins, personal info, etc.). A Manager with access to installing apps can also define their visibility for your users. This is an access to enable with caution.
Import your data
When enabling this option, you allow your manager to import data on candidates, resources, CRM (companies & contacts), actions and opportunities.
Developer space
When enabling this option, your manager will be able to create apps, create a sandbox and view the API token.
Webhooks
When this option is enabled, you allow your manager to have access to the webhooks list and therefore to manage them.
You can choose which apps your manager will have access to but you can also configure rights for some of them.
Warning
Some apps can give access to sensitive data (salaries, margins, personal info, etc.). When giving access to apps, make sure (by clicking the cogwheel icon for settings) that you are not giving access to data you deem sensitive or confidential.
In this section, you can:
- Enable exclusive authentification from a trusted third party
- Enable an email alert if your account is used from a device that you have not used yet
- Manage a list of devices allowed to connect
We hope that this tutorial has been of any help and we invite you to let us know by voting in the dedicated section below.
If you still have any questions, feel free to get in touch with our Support team :
Comments
0 comments