Step 8: Review employee roles and access rights



Now that all your data and processes have been imported, it is important that specific access rights are assigned to particular employee roles. This ensures that your employees will only be able to view or edit sections and details in Personio that are intended for them.


Review of Employee Roles

Go to Settings > People > Employee Roles to view the existing employee roles that have been individually stored for your company. The numbers on gray background indicate how many active employees are in these roles. You can now easily add employees to one or several employee roles.

You can also configure reminders, access to calendars, and security settings.

1. Assigning Reminders

To assign reminders to employee roles, go to Settings > People > Employee Roles > Reminders. This means that all employees in that role will automatically receive a reminder. For example, you can use it to remind all HR staff of employee birthdays.


2. Calendar Access

Go to Settings > People > Employee Roles > Calendars to select which calendars the employees in this role should be able to access. All employees will always have access to their own personal calendars with reminders and meetings. Click here for more information on how calendar access can be configured.
For details on managing calendars and how to export them to an external application such as Outlook or Google Calendar, click here.



3. Security

If you would like to set up 2-factor authentication for certain employee roles, go to Settings > People > Employee Roles > Security. This setting means that employees in this role also have to authenticate themselves with a token when logging in. The token is generated by the Google Authenticator app that your employees have to download onto their smartphones.


Review of the Access Rights

The access rights of individual employee roles can be configured under Settings > People > Employee Roles > Access rights.


As an Administrator, you are able to log in to Personio as any employee to verify the access rights you have configured for them. To do this, go to the respective employee's profile and click on the Login as this employee icon on the top right corner. 


Explanation of the Different Access Rights

Individual explanations of each section's access level can be found in the respective info tooltips, which you can open by hovering the mouse on the info symbol.


Please note that the role All employees is a system role. This means that every active employee has the access rights that are assigned to this role. You should therefore be fairly restrictive when defining the rights of this role. You can grant particular roles additional access rights at any time.


General access rights

View This access right allows the respective data to be viewed.

This access right allows proposing changes to the respective data.

Note that selecting this access right requires that a corresponding approval process is set up as well.

Edit This access right allows the respective data to be edited.


Access areas

Own This access area only includes the employee's own data.
My reports This access area only works for employees who have been set up as supervisors and gives them access to the data of all employees who are directly or indirectly assigned to them, but not to the data of the supervisor themself. If the supervisor's data is to be included, please also select Own.
Custom This access area comprises a specific selection of employees that can be defined using any filters by clicking on Custom
All This access area comprises all active employees except the employee themself. If they should also have access, select Own as well.




Article is closed for comments.

    Topics of this article