1. Help Center
  2. Software Updates
  3. Security Groups

Migration to Security Groups

Follow
Avatar
Juan Burgos
Edited

ClearCompany has introduced a new security model based on Security Groups to streamline permission management and improve organizational transparency. This migration marks a shift from assigning permissions individually to assigning them based on role and grouped permissions. This system not only simplifies access management but also lays the foundation for more granular permission control in the future.

Note:

Security Groups migration may not apply to you if you are a new customer of ClearCompany after April 2024. Migrations will occur between June and September 2025. ClearCompany will communicate with organizations directly.

In this article:
What's Changed
Recommendations
Understand Your Ideal Security Groups
Managing Roles and Permissions
Adding Security Groups to Roles
F.A.Q.
Additional Resources

What's Changed

ClearCompany is transitioning to a new Security Groups model that assigns permissions based on roles rather than individuals. Security Groups simplifies permission management and prepares organizations for more detailed permission configurations going forward.

As part of this update, a Security Group has been created for every permission previously assigned to users. Below are the key changes:

  • Permissions are no longer managed on individual user profiles.

  • Every employee has been automatically placed into one or more security groups that match the permissions they previously held. For example, an employee with the Recruiting permission is now assigned to a security group called Recruiting. That employee may be in multiple groups if they had multiple permissions prior to the migration.
  • The CEO's permission will remain assigned to as many employees as it’s currently granted to. If organizations change the CEO's permission, it will only be granted to ONE employee from the moment of the change.

Benefits of the New Security Groups Model

  • Every new employee gets the base permissions defined on the company role.
  • Permissions can be automatically provisioned or deprovisioned by role.

What do I have to do?

Nothing right now! We have completed the migration process for you. You can familiarize yourself with the new security groups by referring to: Permissions to Security Groups Worksheet

Recommendations

Even though no immediate action is required, we recommend reviewing and optimizing your Security Groups setup:

If your organization uses Performance Management and Goals across every employee, organizations should add the permissions Goal Alignment and Performance Management to the Employee security group. This will grant access to goals and performance for all existing employees and will automatically provision new employees with these permissions.

Goal Alignment and Performance Management Permission
  1. Click Tools, then Setup.Setup.png
  2. Click Security Groups.Setup.Security Groups.png
  3. Click Edit Group Permissions.Edit Group Permissions.png
  4. Check the boxes for “Goal Alignment” and “Performance Management” and click Save.Permissions.png

Understand your Ideal Security Groups

To help manage and optimize your permission structure, ClearCompany provides reports that show how permissions are currently grouped and assigned. Which will allow:

  • Organizations consolidate similar groups.

  • Ensure users are in the expected permission groups.

  • Understand how the employee has a particular permission assigned - are they in the permission group that I am expecting them to be in?

You may use these reports to make changes to your security groups and employee assignments. We recommend following the process below.

User Permissions Report

The User Permissions Report allows organizations to view their permissions based on users' and departments. This report will help you understand what your group makeup looks like so that you can create new groups based on it or clean up unnecessary groups.

  • The report shows the employees and the permissions they currently have.
  • Start with the department or offices that have the highest number of employees.
  • Review the permission and the employees.

To navigate to the User Permissions Report:

  1. Click Tools, then ClearInsights.ClearInsights Option.png
  2. From the drop-down, click Other.ClearInsights Dropdown.png
  3. Click Reports, then select the User Permission Report.User Permission Report.png
  4. Users can filter by department and office. As well as download the report.User Permissions Report Visual.png
Find and address employee outliers (Coming Soon)

As part of the migration process, ClearCompany moved employees into singular permission groups. Now that employees have been assigned to new groups based on their role or permission set, we can remove the singular permission groups so that employees are getting their permissions from one source of truth.

  1. Navigate to the Employee Permission Assignment report.
  2. Filter the report to the group that you want to delete.
  3. Review the employees that are assigned to this data group and note whether every single employee is getting permission from more than this singular permission group.
    • If yes, delete the group.
    • If no, move the employee into the correct group.
    • OR if the employee needs to be in the singular permission group, remove the employees from the singular group that don’t need to be there.

Managing Roles and Permissions

Resource: Security Groups: Add or Update another User's Permissions

Please Note:

When a new hire is onboarded, they are automatically added to the Employee Group and must be added to additional groups.

Create a New Group
  1. Click Tools, then Setup.
    Setup.png
  2. Click Security Groups.
    Setup.Security Groups.png
  3. Click Create New Group on the left-hand side.Create a New Group.png
  4. Name the group, something descriptive but concise is ideal, add an optional description, and select the permissions that were outlined in the report. Tip: Rename default groups if they don’t align with your organization’s naming conventions.New Group.Save.png
  5. Decision: Are you going to manage permissions based on role?
    • If yes, you’ll automatically move employees into these new groups. See below.
    • If no, follow the instructions below to add employees to your new group.
  6. Repeat until all necessary groups have been added.
  7. Organizations will notice, as they move through this list of permission groupings, that groups with a small number of employees may exist. Before creating a new group, ensure that the employee associated with the grouping isn’t missing permissions or that they don’t have too many permissions. If you find that an employee has incorrect permissions, users can add or remove employees from groups or groups from employees
Add Employees to Groups
  1. Click Tools, then Setup.
    Setup.png
  2. Click Security Groups.Setup.Security Groups.png
  3. Click Employees.Security Group Employees.png
  4. Click Add Employees to Group. Add Employees to Group.png
  5. You can use the search bar to search for the employee you would like to add or select "Add Multiple Employees".Search or Multiple.png
  6. If Add Multiple Employees is selected, you can search for employees by department, role, or office. You can also choose to include all employees. Search for Roles.png
  7. You can also use the "X" on the right-hand side to remove any employees.Delete User.png
  8. When done, click Add Employees.
Edit a Group
  1. Click Tools, then Setup.Setup.png
  2. Click Security Groups.Setup.Security Groups.png
  3. Click Edit Group Permissions.Edit Group Permissions.png
  4. Make adjustments to the group as desired. When done, click Save.
Delete Unnecessary Groups

Important:

Once a Security Group is deleted, it cannot be recovered.

  1. Click Tools, then Setup.Setup.png
  2. Click Security Groups.Setup.Security Groups.png
  3. Click Edit Group Permissions.Edit Group Permissions.png
  4. Click Delete this group.Delete this Group.png
  5. Confirm that you would like to delete this group. This cannot be undone. Click Yes, Delete Security Group.Yes, Delete.png
Edit Group Assignments for an Individual User

If a user needs to be moved to a different group:

  1. Click Tools, then Setup.Setup.png
  2. Click Users.Users.png
  3. Select the user whom you need to make adjustments for, and click Edit Group Assignments.Edit Group Assignments.png
  4. The list of Security Groups available will display, and the one (s) assigned to the user will have the checkbox toggled. Check the box next to the security group they will be moving to, and remove the checkbox from the one you would like to remove them from.Checkbox.png

Adding Security Groups to Roles

Organizations have two options for adding security groups to roles.

Option One - Multiple
  1. Click Tools, then Setup.
    Setup.png
  2. Click Security Groups.Setup.Security Groups.png
  3. Make sure Roles is selected.  Click Add Roles to Group.Add Roles to Group.png
  4. You can search for Roles by using the search bar or selecting Add Multiple Roles.Search for Role or Multiple.png
  5. If Multiple Roles are selected, you can search for the role on the left-hand side or use the checkbox to select the roles you would like to add. You will see the green icon Green Check.png if the role already exists in this group.Roles Checkbox.png
  6. When done, click Add Roles.Security Groups.Add Roles.png
Option Two - Individual
  1. Click Tools, then Setup.
    Setup.png
  2. Click Roles/Departments/Offices.Roles Departments and Office.png
  3. Select the role you would like to add the security group to.Role Dashboard.png
  4. Click the Security Groups tab.Security Groups Tabs.png
  5. Click Assign Security Group.Assign Security Group.png
  6. Select the Security Group you would like to add to this role, you can see what permissions they will have and you can also select "Check Permissions" to see what they will be able to do based on your selections.Security Groups.Check Permissions.png
  7. When done, click Save.

F.A.Q.

What if I have users with the “Vendor” permission?

We recommend setting the vendor permission as its own group since it overrides all other permissions. This ensures that even when vendors are assigned the base employee goals and performance permissions and anyone also in the assigned vendor group with vendor permission will not be granted access to those base employee modules. Refer to Security Groups: Add or Update another User's Permissions.

Additional Resources

Below is a customizable checklist designed to empower your team as you prepare for a transition to the new Security Groups model.

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section