This article explains the permissions that control access to document-related data and features in Personio. It covers what each one does, so you can set up roles with the right level of access. Use it as a reference when you set up or manage Document permissions in your account.
Document permissions are part of Personio's broader role-based permissions system. For a full overview of all permissions, see our dedicated summary article and our article about setting up permissions and employee roles.
Document category
Every document category in your account has its own permission. This permission controls access to the Documents tab in the employee profile, and whether a member can view, add, or edit documents in that category for the people in their scope.
You need to configure access to each category individually.
The access level you assign determines what the members of that role can do. See the table below for a description of each.
| Access level | What you can do |
|---|---|
| View | See and download documents in the category for the defined scope. |
| Propose | View, download, and upload new documents in the category for the defined scope. Role members can't use document templates or delete documents. |
| Edit | View, download, and upload documents, use document templates, and delete documents. Edit access is also required to request an e-signature. |
Reporting line, Custom, and All exclude the employee's own data. If a supervisor needs to access both their team's documents and their own, select Self in addition to the relevant access area.
By default, new document categories have no permissions set. When you create a category, you need to grant the relevant roles access to it, otherwise only Administrators can see documents in that category.
Documents hub
This permission controls access to the Documents hub.
Individual user permissions control what documents they can see and manage in the Documents hub. You can only view or edit documents if you have permission for the relevant categories within the defined scope.
If the user has access to the hub, they can see signature request information for the documents in categories they have access to:
- View: users can see signature request statuses
- Edit: users can see signature request statuses and initiate a signature request from the Documents hub
Document settings
This permission controls access to your organization’s Documents setup.
With this permission, a user can access Settings > Documents to create and manage document categories and templates.
This includes creating, renaming, and deleting custom categories. It also includes uploading, editing, or deleting document templates. It’s not possible to edit predefined document categories.
Note:
Candidate document categories are predefined by Personio and managed separately through Recruiting roles, not through this permission.
Import - documents
This permission controls access to bulk-uploading documents to employee profiles using the Import feature.
You can't scope this permission by access area. When a role has this permission, members can import documents for all employees in the account, there's no way to limit the import to a specific subset.
Importing a document doesn't give the uploader ongoing access to it. Access to documents after import is still governed by the standard Document category permission for that role.
Documents permissions and e-signatures
E-signatures aren't a standalone permission. They depend on a specific combination of permissions from other groups.
Send signature requests
To request an e-signature on a document, the role needs:
- Edit access to the relevant Document category and scope of employees.
- View access to Employee profile > Public profile for the employee they require a signature from.
Sign a document with an e-signature
Employees don’t need a specific permission to sign a document. The request goes directly to the employee. To see the signed document in a profile, the employee needs view access to that document category.
Monitor the status of signature requests
Only Administrators can access the Active signatures widget and Signatures Overview to monitor signature requests.
Non-Administrator roles can check signature status only from within the individual employee profile, provided they have edit access to the relevant document category.
Data retention policies
Data retention policies can't be delegated. Only Administrators can create, run, or review data retention policies. Even if a role has full edit access to a document category, it can't manage the retention rules that apply to it.
Permissions for common tasks
The table below provides an overview of the permissions you need to perform common actions or access certain features in the tool.
| Task | Permissions needed |
|---|---|
| View a document in an employee profile |
|
| Upload a document to an employee profile |
|
| Use a document template or delete a document |
|
| View documents in the Documents Hub |
|
| Edit or delete documents from the Documents Hub |
|
| Import documents in bulk |
|
| Request an e-signature |
|
| Check signature status |
|
| See the Signatures Overview or Active signatures widget |
|
| Create or manage document categories and templates |
|
| Manage data retention policies |
|