My Team > More > Settings > User Rights
The User Rights feature in KAMI Workforce provides a structured approach to defining and managing system access across various roles within your organization. By tailoring access rights to responsibilities, you can enhance operational efficiency while safeguarding sensitive data. This guide explains how to assign roles, configure access rights, and ensure a secure and efficient user management process.
ROLES
KAMI simplifies role management by offering a set of default roles to help you get started. These roles are designed to meet common organizational needs, but you can customize them to fit your specific requirements.
- Administrator: Grants full access to all system features and settings, including user management, permissions, and organization-wide configurations.
CAUTION: Due to the extensive control this role provides, assign it only to a limited number of trusted individuals. Misuse or accidental errors can have a significant impact on the system.
- HR Admin: Provides comprehensive access to primary employee details, including profiles, work schedules, and leave management.
- Finance Admin: Grants access to specific employee data needed for financial operations, such as payroll, benefits, or expense management.
- Manager: Enables access to team-specific employee information, allowing managers to oversee and support their direct reports effectively.
- Employee: Restricts access to self-service functions, empowering employees to manage personal tasks such as viewing their schedules, applying for leave, or updating their profile.
These roles provide a foundation for role-based access control. To maintain security and operational efficiency, regularly review and adjust role assignments based on evolving team structures and responsibilities.
To create a new role, click ADD ROLE. For a similar role, use the CLONE function to duplicate and customize an existing template, streamlining role management.
ACCESS RIGHTS
Access rights defines the level of access a user has to certain data or system functionalities.
These rights determine:
- Who the user can see or interact with (e.g., colleagues, subordinates, clients).
- What the user can do (e.g., view-only, edit, delete, or manage permissions).
- Contextual limitations (e.g., restricted to a particular department, geographic region, or project).
Access rights ensure that employees only interact with data or resources relevant to their role, maintaining security, privacy, and organizational efficiency.
PROFILE DATA RIGHTS
Profile Data Rights ensure that employees can view their personal and employment details while maintaining data accuracy through a controlled approval process.
Employees can always access their profiles but must submit changes via the Request Change feature, which requires administrator approval. Administrators, however, have the ability to directly edit their own or others' details when needed.
This system balances transparency for employees with secure management of updates, ensuring accurate and reliable records.
Certain roles can be configured with specific access rights to ensure they only see or edit information relevant to their responsibilities.
- Personal: Access to the employee's personal details like address, emergency contacts, dependents, and education.
- Ids and Banking: Access to the employee's government IDs and bank details used for payroll.
- Employment: Access to job-related information such as department, position, and employment type.
- Display Mobile Number: Controls whether the employee's mobile number is displayed. "Deny" hides it.
- Team Org: Shows details about the employee's manager, approvers, and direct reports.
- Attendance: Sets rules for attendance, such as check-ins, tardiness, and leave policies.
- Standard Schedule: Allows changes to the employee's fixed work schedule.
- Payroll: Access to payroll information like wages, tax exemptions, and salary details.
- Audit: Tracks all changes made to the employee’s profile.
- Access: Configures which modules and roles the employee can access in the system.
- All Role Access: Allows assigning roles and user rights to others if the user has the necessary profile and access rights.
BULK DATA
The Bulk Data feature enables efficient management of employee information by allowing the bulk import and export of employee profile details. This capability is particularly useful for large-scale updates or data transfers.
The My Team Reports functionality grants access to critical workforce insights, including:
- Demographics Report: A snapshot of workforce composition and diversity.
- Turnover Report: Analysis of employee attrition trends.
- Audit Report: A detailed log of changes made to employee data.
- Employee Contract Report: Comprehensive details of employee agreements.
Important Notice: Exercise extreme caution when assigning access to bulk data and reports. These tools often contain sensitive and confidential information, and improper access could lead to data breaches or unauthorized exposure. Ensure access is limited to only those with a clear business need.
ACTIONS
The Actions determine the specific functions a user can perform regarding individuals or groups over whom they have Access Rights.
- Manager & Approver: Users with this action can be designated as a Manager or an Approver for employees.
- Add Employee: Grants the ability to create and add a new employee profile to the system.
- Delete Employee: Allows for the permanent removal of an employee profile from the system. Once deleted, the data cannot be recovered.
- Terminate Employee: Enables the user to deactivate an employee profile, typically after resignation, retirement, or dismissal. Additionally, this action allows for the processing of termination pay and other off-boarding related tasks.
DOCUMENTS
Configure access settings for each document type to ensure proper control and security.
- Add Document: Allows users to upload new documents.
- Delete Document: Permissions for deleting documents depend on the user’s access level:
- Users with Edit Permissions: Can delete any document, regardless of its status (pending approval or already approved).
- Users without Edit Permissions: Cannot delete documents created by others. Can delete their own documents, but only if the document is not yet approved or completed.
- Public Documents: Enables editing of public employee documents, which are always accessible for viewing by authorized users.
- Auto Approve: Allows the role to upload documents without requiring further approval.
Private Documents: Grants access to view and manage private employee documents.
Confidential Documents: Provides access to highly sensitive employee documents marked as confidential.
SETTINGS
Controls user access to key settings related to the My Teams feature.
User Rights: Grants access to manage user rights and permissions on this page.
Team Organization: Manages organizational structure, including subsidiaries, branches, departments, positions, and groups.
Cost Centers: Provides access to configure cost center settings.
Onboarding Wizard: Enables access to settings for the onboarding process.
Discipline Type: Allows management of templates for various disciplinary actions.
Announcements & Company Notifications: Grants access to create, edit, and manage company-wide announcements and notifications for employees.
This ensures users have the necessary permissions to maintain and configure organizational and team settings effectively.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article