Security is set in specific places within Appogee HR according to the type of data needing to be secured. This article provides an overview of the places you control security and what those settings do as well as linking you to more detailed information about making changes in those areas.
In this article:
The fundamental building block for securing data in Appogee HR is the set of User Roles. The key roles are Employee (for general system access), Team Manager (providing visibility of and/or control over data for employees in their Team(s)), HR Manager (who can see and amend any data in the system) and Admin who have no special access to data but have access to configure system settings.
All transactional data changes in Appogee HR are logged and made available to users with the HR Manager role in separate Audit tabs. Examples of where you will find audit tabs include the Employment Profile, Leave Allowances, Team Settings etc.
Additional specialist roles are provided for IT Managers, Payroll Assistants and HR Assistants which provide additional access to some employee data, whilst still ensuring security of other data. For example, a Payroll admin can have access to employees' bank details and salary, but not their performance or learning data.
Detailed information about User Roles can be found in the following articles:
Employee Profiles (Categories & Fields)
Security for Employee Profiles is administered on a field level, which means you can control exactly who has access (View, Read, Edit, Masked Read or Masked Edit) to each individual field across all your different HR Processes and Categories. To configure this, Admins can either click the 'Config' button in the top right corner of each HR page or go to Profile > Admin & Config >Record Categories and Fields.
Once in the config page, switch to the Security mode to edit security.
Detailed information about securing Employee Profiles can be found in the following articles:
Employee Profiles (Records)
Attachments to Employee Profiles are called Records. Security for Records is managed at a Category level (eg Personal, Work Details etc), so access to all Records in a single Category will be the same for each user role (Employee, Team Manager, HR etc).
Security configuration options for Records can be found under Profile > Admin & Config > Record Categories & Fields > Record Security. For each role, security settings can be defined as No Access, Title Only, Read Only or Read and Edit. In this way it is possible to allow, for example, a Team Manager to see the Employee profile information and see that attached Records have been provided but not be able to see their contents.
For more information on setting up Records security, take a look at the following article:
Company Documents provide a managed library of uploaded files, notes or links such as policies, procedures, forms & templates for use across the organization. Security is managed on a Document Type (eg Company Policies, Employee Templates etc) level, so access to all Documents in a single Category can be the same for each user role (Employee, Manager, HR etc). Although, there is the ability to add an override option per category, which gives the uploader the ability to decide what the security settings are per document.
Security configuration options for Company Documents can be found under Company Docs > Config > Document Types. For each role security settings can be defined as No Access, Title Only, Read Only or Read and Edit. The Advanced option can enable the person uploading the document to set a different security setting for that specific document.
For more information on setting up Company Documents security, take a look at the following article:
Security settings that impact access to Leave is set up and edited on the team page. Go to Organisation > Teams and select a team you wish to mange. Employees can see who else is in their Team, and who their Manager is but they will not have access to employee details unless they have the Team Manager or HR Manager role.
On the Calendar Config tab, you can select who should have access to view this team's calendar. The options are as follows:
Team Members and Team Managers
Team Managers can access information about the members of that team. All absence approvers will be given Team Manager role. You can also add other Managers who are not approvers to the Team Profile.
All managers have access to the management and reporting for teams they manage. A Team Manager may be assigned a Reader or Editor role. Managers with Editor roles can edit employee specifics, such as requests and allowances of users they manage, whereas managers with the Reader role have read-only access to the team profile.
For more information on team set up, take a look at the following articles:
Available only with the HR Success package.
Security for Performance Reviews is as follows:
Only Team Managers are able to initiate Performance Reviews for employees they manage, the employee will not see the Performance Review unless the Manager shares it with them at the point of completion.
Employees are able to submit their self-assessment topics if requested.
Employees who have been requested to submit 360 Feedback about their colleagues will only ever see the request details, never the Performance Review. The employee who the feedback is regarding will never see the feedback - the manager can choose to share this with the employee verbally.
Performance Review templates can be created by users with the Admin role. They can choose whether managers have the ability to make changes to the template defaults when they are creating individual reviews. Under Process Config > Review Type Templates each template can be edited. Within each template section there is a tickbox 'allow managers to override?' which if ticked, allows the Manager to amend the content review structure at the time a review is initiated. There is a good deal of granularity provided in the configuration which can be found under Reviews > Config > Review Templates.
For detailed information about Performance Reviews, take a look at the following articles:
System-wide security settings can be configured within System Config. This page is split into the following tabs:
The Localization tab controls only how the content in the site is displayed, not who as access to it.
The Directory tab provides settings to control which user roles (Employees, Team Managers, HR Managers and Admins) have access to the Directory and the Org Chart pages. Found in Directory > Config
Within the Leave tab, you can configure a variety of things, so this is split once again into 3 tabs. This is found in Leave > Admin & Config > General Settings.
General Settings - controls whether managers can see all Teams in the organization. and whether absence request Types are shown to Employees.
Active Leave Years - define in which year users can submit requests.
Leave Start Month - define whether there is a consistent Leave start month across your organisation.
Company Documents & Employee Records tabs provide settings to allow or disallow employees to link Google Drive and Microsoft OneDrive to Docs and Records. This is found in Company Docs > Config > General Settings.
In the Shout-outs tab you can control the security of Shout-outs by choosing who has the ability to create and view - No Access, Team Members only, All Employees.
Finally, the Security tab allows you to determine if integrated users have the ability to log in with username and password, as well as single sign on from G Suite or Office 365.
Choose whether to enable Two-Factor Authentication on your account by clicking your name/image in the top right corner of the application and click Security.
For more information on Two-Factor Authentication, take a look at the following article:
ADUs in Appogee HR refer to “Appogee Divisional Units”, and are a way to segment data into divisions, allowing you to delegate administrative tasks such as configuration of Employees, Teams and Company Documents to specific Users. ADUs are generally recommended for larger organisations.
The ADU Admin role allows users to manage ADUs, including creation/deletion, and the ability to move data between ADUs. ADU Admins have access to all data in Appogee HR, regardless of the ADU they are assigned. This differs from the HR Manager role, where HR Managers only have access to the data that resides in the same ADU to which they are assigned.
For more information on ADU Security, take a look at the following articles: