Creating and Managing Employee Roles

This article explains how to create and manage employee roles. In Personio every employee role is set up with individual access rights, reminders, calendar views and other security configurations. Typical employee roles are for example "HR Manager", "Senior Executive" or "Intern".

 

Predefined System Roles in Personio

In Personio, the roles All employees and Administrator are predefined by default. A good grasp of these two roles is essential for the configuration of other employee roles.

The role All employees includes all your active employees. The access rights you define for this role are applied to all other roles by default. Access rights that have been granted to All employees cannot be restricted by assigning another role. Thus, be as restrictive as possible when defining rights for this role. More encompassing access rights on the other hand can always be granted through additional roles. 

The Administrator role or any role with admin rights is the opposing role to All employees. It gives its members full access rights including account configuration access.

Screenshot_role_1.png

Admins have exclusive rights that cannot be assigned to any other role. These include:

  • access to Imports
  • the ability to login as other employees
  • assigning and removing employee roles
  • deleting employee profiles
  • assigning and resetting passwords for all employees
  • activation/deactivation of payroll notifications
  • access to the Detail view of the employee history
  • ability to view all outstanding approvals on the Dashboard
  • access to Plan and Billing
  • ability to view and download the Data Processing Agreement (DPA) as well as other contract components
  • editing rights to set up Performance Meetings

Employees in an administrator role are able to skip the absence approval process if they wish or this has been agreed upon with their supervisor.

 

Creating a New Employee Role

Navigate to Settings > Employee Roles. You will find some examples of preset employee roles that you can adapt to your needs. Create new roles via the plus button.

Screenshot_roles_2.png

The number next to the role title, highlighted in gray, represents the number of active employees occupying said role. If you set the status of an employee to Inactive, this employee is no longer displayed in the previously assigned role.

 

Managing Employee Roles

After creating the employee roles you assign them to the according employees in the Members tab. Select a role and click on the employee you want to assign it to. Don't forget to save your changes. Remember that all active employees are automatically assigned to the role All employees and cannot be removed from that role.

Screenshot_role_3.png

At the top right of the screen, you can rename your roles, duplicate and delete them.

Before you delete an employee role, you must remove all employees from that role.

After assigning all employees to their roles, the next step is to define their access rights. In the tab Access rights you determine which sections of the account your employees can View, Edit or what they can Propose. Our article General Access Rights provides a more detailed description of the topic.

Screenshot_role_4.png

Setting up reminders will further simplify your daily work. Individual reminders can be defined for each role. HR managers for example might want to be notified of upcoming contract renewals or employee birthdays. You will find a detailed description of how to set up reminders here.

Screenshot_role_6.png

Individual access to the global calendar can also be defined for each employee role. A distinction is made between the calendar categories and the scope of the view rights. Select an employee role and click on the Calendars tab. Determine for each calendar category what or how much information these employees should be able to see when they open the calendar.

rollen_kalender.png

To further increase the security of the data stored in Personio, it is possible to activate 2-factor authentication for each employee role. The employees in question require a token that is generated on their mobile device and must be used to login in addition to their e-mail address and password. Learn more about how to enable 2-factor authentication for specific employee roles here.

Screenshot_security.png

 

Was this article helpful?

Can't find what you're looking for?

We are happy to help you! Just write us a message with your questions and we will get back to you as soon as possible.

Submit a request

Comments

0 comments

Article is closed for comments.

    Topics of this article