We're redesigning roles and permissions to make them easier to set up and manage. This won't change any of your existing roles and permissions or how they work. It only changes where you find them and how they're displayed.
We're making these updates in phases. This article explains what's already changed, what's changing next, and what to expect in the new experience.
Key improvements
The sections below summarize what improvements we've already made to your account and what improvements will apply to your account when you choose to opt in to the new experience.
What we've already improved in your account
The table below describes the improvements that are live in all accounts. You don't need to opt in to see them.
| Topic | Before | After |
|---|---|---|
| Reminders | Reminder configuration was only accessible to Administrators in Employee Roles. | Reminders configuration moved to Automations. You can now grant non-Admins permission to create and manage role reminders. |
| Security settings | Authentication settings were only accessible to Administrators in Employee Roles. | Two-factor authentication moved to Authentication settings. You can now delegate authentication configuration to non-Admins. |
What improvements will apply when you opt in
The table below describes the improvements that will be applied to your account when you opt in to the new permissions experience.
| Topic | Before | After |
|---|---|---|
| Role descriptions | Roles didn’t have a description field. | You can now add a description to each role to communicate its purpose and scope. |
| Permissions layout | Permission controls were spread across multiple sections and checkboxes. | Permissions are re-organized into clear groups based on the topic they relate to. For example, all permissions related to the same area, like Time off periods, time off settings and tasks, are in one place. |
| Calendar access | Calendar visibility was managed in a separate tab and didn't support additional supervisors or multi-value scopes. | Calendar visibility is now part of the relevant permissions group, like Time off, Recruiting, and Employment details. |
| Access level and scope configuration | You set access levels and scope directly in the checkbox view. | Configure access levels and scope for each permission in a dedicated sidebar. A description of the permission helps guide Admins through the configuration. |
| Access level display | There was no visual indicator showing what access level was set for each permission. | Color-coded symbols show the access level at a glance: blue for View, yellow for Propose, red for Edit, and grey for No access. |
| Bulk permission management | Enabling multiple permissions at once was done in the central checkbox view. | You can select multiple permissions and edit them together in a separate window, which includes a clear way to review the result before saving. |
| Review before saving | A confirmation step was shown before saving permission changes. | A review and confirm step shows all pending changes before you save, so you can ensure users get access to the intended data and settings. |
| Scoped delegation of employee role assignments | You could either give someone full access to manage role assignments, or none at all. | You can now grant custom access to manage role assignments, so you control exactly whose roles someone can manage. |
| Permissions export | Exports included internal IDs alongside permission data. | Exports now use names and labels you recognize. IDs are still included for backward compatibility. |
| Access analyzer | To review a user's access, you checked each of their assigned roles individually. | A new Assignees tab shows the combined permissions for any user across all their roles in a single view. |
Transition timeline
The table below describes the phases of this transition. It lists what changes have already happened, and when to expect more.
| When | What |
|---|---|
| Late 2025 | The Reminders and Security tabs moved out of Employee Roles. |
| June 2026 | The new roles and permissions experience rolls out gradually through an opt-in beta. Once available for your organization, any Administrator can enable the experience for their entire account. It cannot be enabled for individual users. All new Personio accounts created from this date will have the new experience by default. |
| End of August 2026 | General availability - all accounts transition to the new roles and permissions experience. |
What we do
When you opt in, our system automatically:
- Displays all your permissions in the new layout, keeping every access level and scope exactly as it was.
- Groups permissions by topic instead of splitting people data and configuration settings across separate sections.
- Moves all calendar visibility settings into the relevant permission groups based on topic.
- Keeps all role assignments and members intact.
New permissions structure
All existing permissions are displayed in the new layout automatically. Every permission that was enabled in your account before the transition is enabled in the new experience. The access levels (View, Propose, Edit) and scopes (Self, Reporting line, Custom, All) carry over exactly as they were.
The main change you'll notice is how permissions are organized. Instead of splitting people data and configuration settings across separate sections, the new experience groups them by topic. For example, permissions that control access to Attendance data and Attendance settings — which used to be in separate sections — are now both in the Attendance permissions group.
For a full map of where every permission has moved, see Find permissions in the new experience.
Calendar visibility settings
The Calendars tab no longer appears in Employee Roles. All calendar visibility settings have moved into the relevant groups in the main permissions view.
| Setting | New permission group location |
|---|---|
| Team Calendar access | Time off (permission named Employee availability) |
| Time off type visibility | Time off |
| Birthday visibility | Employment details |
| Start/end date visibility | Employment details |
| Recruiting calendar events | Recruiting |
Each time off type now has two separate permissions. See the Summary of Time off permissions article for more information.
Any custom scopes you had set for calendar visibility carry over automatically.
What you need to do
Before you opt in
Before opting in, be aware of the following:
- Opting in affects all admins in your account, not just you. As soon as one admin opts in, all other admins see the new experience.
- Any changes you make in the new experience affect your entire organization. We recommend coordinating with your team before making configuration changes.
- You can opt out at any time. If you opt out after making changes in the new experience, some of those changes may not carry over to the old experience. See the If you opt out section below for details.
To opt in to the new experience, follow these steps:
- Go to Settings.
- In the People section, click Roles & permissions.
- You'll see a banner for the new experience at the top of the page. Click See what's new.
- Review the details, then click Try now.
This enables the new experience for all admins in your account immediately.
After you opt in
When you opt in to the new experience, your existing roles and permissions carry over automatically. You don't have to take any action, but we recommend the following:
Get familiar with the new layout
Review your roles in the new layout to get familiar with it. To access the Roles and permissions page:
- Go to Settings.
- In the People section, click Roles & permissions.
The Roles and permissions page shows a table of all your roles. A new Permissions column shows how many permissions are enabled per role.
- Click a role to open a sidebar summary of its current configuration and assigned members.
- Click Edit to manage the role's details, members, and permissions.
- Click + Create role to set up a new role. You can add a name and description before moving to the permissions configuration.
In the permissions configuration view:
- You'll see permissions grouped by topic.
- Click a permission group's name to expand it. Use the search option to find a specific permission.
- Use the Filter option to show only enabled or sensitive permissions.
- To edit in bulk, select the checkbox next to multiple permissions then click Edit access. Review the result before saving.
- Click any permission to open a side panel with a description and options to set the access level and scope.
- Check if a permission is people-data based or feature based by looking at the Type column.
- Look at the Access column for color-coded symbols that show the access level and scope. Hover over a symbol for a full breakdown.
Add descriptions to your roles
Review your roles and optionally add a description to each one. To do this:
- Click a role.
- Click Edit > Edit details.
A clear description helps your team understand the purpose and scope of each role. For example:
- "Full access to employee data for HR Business Partners"
- "Read-only access to time off and attendance for team leads"
- "Payroll admin access, scoped to Germany entity"
Review the access analyzer
Open the Assignees tab for any role to search for the combined permissions for users in that role. Use this to confirm assignments are working as expected.
Review the new roles and permissions content
Read more about the new experience in the following articles:
- Find permissions in the new experience: find where a permission has moved.
- Summary of permissions (new experience): a full reference of all permissions.
- Set up and manage employee roles and permissions (New experience): configure roles in the new interface.
Give feedback about the new experience
Your feedback helps us make improvements to the new Roles & Permissions experience before it's released to everyone. To give feedback, follow these steps:
- Go to Settings.
- In the People section, click Roles & permissions.
- In the top right corner, click Early access > Give feedback.
- Add your feedback, choose whether Personio can contact you to discuss the feedback, then click Share feedback.
If you opt out
You can opt out at any time. Before you do, be aware of the following:
- Most configuration changes you've made in the new experience will carry over to the old experience without any issues.
- Opting out affects all other admins in your account and may undo permission changes another admin has made. Any changes that are lost can be reconfigured after opting back in.
- If any of your configurations are incompatible with the old experience, a warning will appear before the switch so you know what to expect.
Changes that will not carry over
Some features are only available in the new experience. If you have configured any of the following and then opt out, those settings will be lost and will need to be reconfigured if you opt back in:
- Calendar visibility for additional supervisors (like dotted-line reports) or multiple custom scopes.
Changes that will be temporarily hidden
Other settings are saved but not visible in the old experience. If you opt back in, they will reappear automatically with no action needed:
- Role descriptions
- The Assignees tab
To opt out of the new experience, follow these steps:
- Go to Settings.
- In the People section, click Roles & permissions.
- In the top right corner, click Early access > Switch back.
- Optionally, provide feedback.
- Click Switch back.
This returns all admins in your account back to the old experience.
FAQ
It depends on which features you've used. Most of your configuration will continue to work as expected if you opt out — but there are a few things to be aware of:
Some features are only available in the new experience. If you've set up any of the following and then opt out, these configurations will be lost and will need to be reconfigured if you opt back in:
- Calendar visibility for additional supervisors or
- Calendar visibility for multiple custom scopes (e.g. Legal entity is one of A, B, or C)
Other features such as role descriptions and the Assignees tab will simply become invisible when on the old experience, but will reappear if you opt back in, with no action needed on your end.
If any of your configurations are incompatible with the old experience, you'll see a warning before opting out so you know what to expect.