Security Groups Overview

1. User Admin: This permission grants the individual access to add/edit User Profiles and reset passwords. This user will also have access to several pages within the Setup area.
2. Roles Admin: This permission primarily grants the ability to create and manage company Roles (when combined with the User Admin permission). This user can also modify the Company Mission & Vision and modify the details of Roles by creating role-based Requisition Templates and managing the associated role Competencies, Goals, and Hiring Workflow.
3. Workforce Planning Module: This permission type will grant access to our Workforce Planning module.
4. HR Admin: This permission grants visibility into employees' compensation information, hiring files, and employment history.
5. IT Admin: This permission grants the ability to set up connected apps in World of Work, enable Celebrations, Two-Factor Authentication, Bulk Calendar Connect, and access Devices and Equipment.
6. Security Group Admin: This permission grants management and actions within the Security Groups tool.

1. Employee: The general access user permission that is assigned by default to all newly created users (unless it is a 3rd-party Vendor recruiter user) is Employee. Employees cannot access the Tools menu for backend settings but will be able to view existing Roles and their corresponding Competencies.
2. Task Assignee: This permission is considered the tasks-only Onboarding user. This user has access to the My Tasks tab and can be assigned to approve tasks or complete internally assigned tasks. A Task Assignee does not have access to view in-progress or completed onboarding packets.
3. Goal Alignment: This permission grants an individual the ability to create and manage Goals for themselves and provides access to the Org Chart, Company Vision, and search for Colleagues based on the company directory. If a user with this permission has direct reports, this user can edit the direct report's goals and provide goal feedback or private notes.
4. Performance Management: This permission grants an individual access to participate in reviews to which they have been assigned. This user will not be able to view or manage the overall review cycles or performance-related settings. This is the permission that should be granted to all employees of organizations utilizing the Performance Module.

1. Recruiter: This permission is considered the all-access Recruiting user, granting an individual access to view all Candidates* across all Requisitions created (*unless your organization utilizes Data Walls). They can also create/post requisitions without an approval process, and approve new requisition requests from hiring managers. This user will have the additional ability to edit Applications, Scorecards, Email Templates, and other recruiting setup items, as well as gain access to the Reporting & Analytics platform.
2. Hiring Manager: This permission is considered the "restricted access" Recruiting user. This user will only be able to view candidates in requisitions they have access to and require approval from a Recruiter when creating a requisition. Requisitions they have access to include: requisitions they are assigned to as the Primary Hiring Manager, requisitions they have been assigned to as part of the Hiring Team, or requisitions their subordinates have created.
3. Offer Letter Admin: This permission grants an individual the ability to manage Offer Letter Templates and view all historically sent candidate offer letters* (*when combined with a Recruiter or Hiring Manager permission).
4. Offer Letter Sender: This permission grants an individual the ability to send and view Offer Letters to Candidates they have access to* (*when combined with a Recruiter or Hiring Manager permission). This user will not have access to the setup or management of offer letter templates.
5. Background Check: This permission grants an individual access to initiate and view the results of a candidate's Background Check. This permission requires a ClearCompany Background Check Partner to be integrated with your account. Please contact your ClearCompany Representative to learn about available partners and pricing/enablement details. Don't have a background check provider, check out Background Checks by ClearCompany.
6. Assessment Tests: This permission grants an individual access to initiate and view the results for a candidate's Assessment Test. This permission requires a ClearCompany Assessment Test Partner to be integrated with your account. Please contact your ClearCompany Representative to learn about available partners and pricing/enablement details.
7. Talent Sourcing: This permission grants an individual access to the External Sourcing feature to passively search potential candidates across professional social media sites.

1. Onboarding Coordinator: This permission is considered the all-access Onboarding user. This individual can send, edit, and have access to all in-progress and completed Onboarding Packets and Completed Documents. This user can also manage items within Onboarding Setup*, including New Hire Packet Templates, Onboarding Email Templates, and the Document Library (*when combined with the User Admin permission). Depending on how your organization utilizes Onboarding Data Walls.

1. Performance Admin: This permission grants an individual access to launch and manage performance review cycles, workflows, and performance-related setup and settings. This user can also view all reviews at any stage of completion. Depending on how your organization utilizes Onboarding Data Walls.
2. Survey Admin: This permission gives the ability to launch, and manage survey cycles and provides access to the survey setup resources.
3. Goals Admin: This permission grants an individual the ability to oversee and manage all Goals in the system (including private and otherwise restricted Goals) and modify Goal Settings.
4. Performance Reporting: This permission grants an individual access to the Performance tab within the Reporting & Analytics center. This user will not be able to view or manage Review Cycles or performance-related setup items.

1. A default set of Security Groups will exist in a newly provisioned organization. They can be edited or deleted. The default groups are below.
2. Employees or Roles can be assigned and unassigned as members of a security group:
   1. Employees with an associated role in the Security Group will receive all permissions associated with the Security Group.
   2. Changes to permissions in the Security Group will automatically be applied to all Employees and Employees with an associated role in the Security Group.
   3. Employees can be added in bulk to a security group by applying filters based upon Department, Role, or Office (Logic works as an "OR" between multiple select values within the same attribute and as an "AND" between different attributes (e.g. "(Sales Department OR Marketing Department) Employees AND in San Francisco").
3. A Security Group can be defined for the "Company" and that will confirm the selected permissions to all employees of the company (except those that are members of a "Vendor" designated Security Group.
4. Management/Actions within the Security Group Dashboard can be done by a user with the Security Group Admin permission.

1. Roles can be added in bulk to a Security Group through multiple checkboxes (or search).
2. Role membership in a Security Group can be managed from the Role Management Dashboard (as well as the Security Group Dashboard).
3. This can be done by a user with the Role Admin permission.
4. A "Permission Check" can be performed on a role so a user can see what permissions the role currently has, will receive, and will lose following changes to associated Security Groups.

1. Employee
2. Goal Alignment
3. Performance Management

1. Recruiter
2. User Admin
3. Offer Letter Admin
4. Offer Letter Sender
5. Background Check
6. Assessment Tests

1. Onboard Coordinator

1. Performance Admin
2. Survey Admin
3. Goals Admin

1. IT Admin
2. Task Assignee

1. HR Admin
2. User Admin
3. Roles Admin
4. Security Group Admin

1. Hiring Manager

When a new hire is assigned a role with an assigned Security Group during the onboarding process, the new hire will automatically receive the permissions listed under that security group.

In addition, a security group can be assigned to the Company role, which will give each user the assigned permissions from that security group.

Yes! A "Permission Check" can be performed on a role so a user can see what permissions the role currently has, will receive, and will lose following changes to associated Security Groups.

Security groups are used to assign a set of permissions, the permissions are a set of actions that a user can take. For example, a security group of "Recruiter" can have permissions to create and post requisitions. If you are interested in limiting the data that a user has access to, you will want to implement Data Walls.

We recommend the below:

1. Assign security groups to roles, so any new user or existing users with the role will get the permissions aligned with that role.
2. Assign a security group to the Company role, when doing so, any new users created in the system will get the permissions assigned to this role. To assign a security group to a company role, navigate to Tools> Setup> Roles/Departments/Roles and select the Company role at the top-left-hand side.