This article explains how to create and manage employee roles. In Personio every employee role is set up with individual access rights, calendar views and other security configurations. In order to manage reminders, the Professional- or Enterprise-Package is required. Typical employee roles are for example "HR Manager", "Senior Executive" or "Intern".
Predefined System Roles in Personio
In Personio, the roles All employees and Administrator are predefined by default. A good grasp of these two roles is essential for the configuration of other employee roles.
The role All employees includes all your active employees. The access rights you define for this role are applied to all other roles by default. Access rights that have been granted to All employees cannot be restricted by assigning another role. Thus, be as restrictive as possible when defining rights for this role. More encompassing access rights on the other hand can always be granted through additional roles.
The Administrator role or any role with admin rights is the opposing role to All employees. It gives its members full access rights including account configuration access.
Admins have exclusive rights that cannot be assigned to any other role. These include:
- Access to the Import function - only the import of documents can be enabled for other roles
- Access to the Plan and Billing area in the account settings
- The option to log in as another employee
- The ability to create or remove Employee roles
- The ability to delete Employee profiles
- Resetting or assigning new passwords
- The ability to view all pending approval requests (attendances, absences, sick certificates and attribute updates) on the dashboard
- Personio subscription management and Payment settings
- Access to the Data processing agreement (DPA) and download of further agreement components directly from the application
- The ability to set up individual Feedback categories in Settings
- The ability to set up the Company calendar integration
- The ability to set a Global default view for the employee list
- Access to the Timeline view
- The option to configure your Personio account settings using the interactive In-App Tours (HRM and Recruiting)
Employees in an administrator role are able to skip the absence approval process if they wish or if this has been agreed upon with their supervisor.
Creating a New Employee Role
Navigate to Settings > Employee Roles. You will find some examples of preset employee roles that you can adapt to your needs. Create new roles via the plus button.
The number next to the role title, highlighted in grey, represents the number of active employees occupying said role. If you set the status of an employee to Inactive, this employee is no longer displayed in the previously assigned role.
Managing Employee Roles
After creating the employee roles you assign them to the according employees in the Members tab. Select a role and click on the employee you want to assign it to. Don't forget to save your changes. Remember that all active employees are automatically assigned to the role All employees and cannot be removed from that role.
At the top right of the screen, you can rename your roles, duplicate and delete them.
Before you delete an employee role, you must remove all employees from that role.
After assigning all employees to their roles, the next step is to define their access rights. In the tab Access rights you determine which sections of the account your employees can View, Edit or what they can Propose. Our article General Access Rights provides a more detailed description of the topic.
Individual access to the global calendar can also be defined for each employee role. A distinction is made between the calendar categories and the scope of the view rights. Select an employee role and click on the Calendars tab. Determine for each calendar category what or how much information these employees should be able to see when they open the calendar.
To further increase the security of the data stored in Personio, it is possible to activate 2-factor authentication for each employee role. The employees in question require a token that is generated on their mobile device and must be used to login in addition to their e-mail address and password. Learn more about how to enable 2-factor authentication for specific employee roles here.
If you booked the Professional- or Enterprise-Package, setting up reminders will further simplify your daily work. Individual reminders can be defined for each role. HR managers for example might want to be notified of upcoming contract renewals or employee birthdays. You will find a detailed description of how to set up reminders here.
Can't find what you're looking for?
We are happy to help you! Just write us a message with your questions and we will get back to you as soon as possible.Submit a request