Product updates Developers portal

What can we help you with?

About access control groups and how they work

Kristiana
  • Updated

Quick access: Administration > Access Control 

The access control section of Peakon controls the permissions different user groups have access to, relating to viewing results, managing employee data and more.

For a manager to be able to access their dashboard, they must be in an access control group that is active and has permissions enabled. It is therefore important to get this right, to ensure that the relevant groups have the correct permissions in order to access their dashboard. 

This article will cover:

Default access control groups

While the default Administrators, Human Resources and Senior Leaders groups provide its members access to 'All employees' (ie. a company wide view), the default Managers group provides its members access to 'Managed employees', whether it's a reporting line or an already existing segment. Refer to Table 2 for more information.

Table 1. All companies on Peakon start off with these default access control groups.

Group Description

Administrators

Users need to be added manually by another administrator

Managers

The system automatically identifies managers based on reporting lines or segment access, and adds them to this group

Employees

All users that are current employees are part of this group

Human Resources

Users need to be added manually

Senior Leaders

Users need to be added manually

Creating and configuring access control groups

For a more nuanced access, the existing groups can be customised and new groups can be created. 

  1. Go to Administration > Access Control
  2. Click on the Add group button
  3. Type in the group name
  4. Choose the type of Access group members should have (refer to Table 2
  5. Under the People section, select Choose manually or Choose by segments (refer to Table 3)
  6. Set the permissions - use All access control permissions explained and Access by question set for reference 
  7. Save the changes
  8. To manage users on an access control group, refer to the Adding or removing users from access control groups article

Table 2. The below table shows the 3 access control group levels.

Group level Explanation Adding users

All employees

This is appropriate for admin-like groups, as it automatically grants the group’s members access to company level data, whether the group is configured to only access survey results, manage employee data or otherwise. 

Any existing user can be added.

Managed employees

This is appropriate for leaders of any level, who need access to a specific team. This could be through reporting lines (for example a direct reports segment) or through assigning them an already existing segment (for example a department or a country segment). A member of this group would be able to use their permissions within their assigned area.

Only users with an assigned reporting line or a managed segment can be added to such groups, so this needs to be done first.

Individual

This is for all permissions relating to survey participant access to personal dashboards. See Enabling the personal dashboard for your company

Any user can be added (or is automatically added, in case of the default 'Employees' group)

Example: overlapping group members

Users can be part of multiple groups at the same time. For example, all managers and administrators are also survey participants, and are therefore part of the Employees group ('Individual' type).

When a leader is in 2 access groups of the same level, the settings across the groups work together. There are differences when a leader is in 2 different level groups:
  • Active settings in an All employees group are also available when the leader views managed segments through their Managed employees access.
  • Active settings in a Managed employees group aren't available when the leader views company level data through their All employees access.
Comments active Comments inactive Experience

All employees

All employees

Comments are active.

All employees

Managed Employees

Comments are active in managed segment and company context.

Managed employees

All employees

Comments are active in managed segment context.

Managed employees

Managed employees

Comments are active.

Table 3. The below table shows two ways of populating an access control group

Method Description

Choose manually

Allows users to be manually added to the group one by one. As the Access control area is only visible to administrators, this is ideal for companies where employee management (with regards to permissions) is centralised. 

Choose by segment

Allows a segment of users to be added to the group. When using this with a 'Managed employees' group level, only users who manage employees or segments will be added to the group. This is a good option to use when employee administration is handled by non-administrators, as they can just ensure an employee is added to the required segment, for them to be auto-added to the access control group. See Adding or removing users on segment managed access control groups.

For existing groups, click Edit and use the Only Including or Excluding fields to only include or exclude a specific segment. This will only affect users who are managers within those segments.

Specialist access control groups

Administrators can set up control groups to enable two types of specialist access:

  1. Specialist: company-wide access, and
  2. Specialist: segment specific access

Specialist: company-wide access

Specialist, company-wide access rights enable administrators to provide access to specialist users who require company-wide data for a particular driver (or combination of drivers). They can tailor which drivers, within one or multiple question sets, an access control group has access to.

When creating a new specialist access control group of this type, you can define which drivers, across different question sets, users of that group can view on their dashboards.

The access by driver feature gives added rights, and is not restrictive. Access by driver provides additional company-wide data to certain specialists within an organization and doesn't remove drivers from manager dashboards.

An example of this is providing a Director of Learning and Development access to the Growth driver to allow them to be accountable for company-wide learning and Growth goals.

Set up specialist company-wide access

  1. Navigate to Administration > Access Controls
  2. On the Access level section, select the Specialist: company-wide access button.
  3. Scroll down to Question Sets 
  4. Click on drop down next to each question set to expand associated drivers
  5. Check the box next to each driver that the Specialist should have access to
  6. Select Save Group to save changes

Specialist: segment specific access

Specialist, segment specific access rights enable administrators to provide segment-specific access that enables you to grant access for users to specific question sets, drivers, or segments that have direct relevance to their roles, along with organization-wide survey data.

An example of this is providing a French regional D&I manager, who is also a line manager for a team, the ability to see their team access in one context and see the D&I data for France only in a new access by segment context.

Set up specialist segment specific access

  1. Navigate to Administration > Access control.
  2. Select the Specialist access tab.
  3. Click Add specialist group and choose your access settings and question set driver combinations.
  4. Add a group name.
  5. On the Access Level section, select the Specialists: Segment Access button.
  6. Select the Group members tab on the access control group you created.
  7. Select Add people to select from the drop down list of employees or by using the search bar.
  8. Click Add.
  9. Click the plus icon under the Segments column to open the segment selector.
  10. Select Add segment on your selected segment. Info: You can select as many segments per user as you require. When users are already assigned segments, you can click on a segment to manage the segments or add new segments .
  11. Click Close.

See: Set up access by segment for users

Removing access control groups

  1. Go to Administration > Access control
  2. Open the group you wish to delete
  3. Click on Edit
  4. Click the trash icon at the top right corner

This will instantly delete the access control group. Any existing members of the group risk losing login access, if they are not part of another access group that enables login access.

Temporarily deactivating an access control group

  1. Go to Administration > Access control
  2. Open the group you wish to deactivate
  3. Click on Edit
  4. Toggle off the Access group active option
  5. Save changes

The group will immediately become inactive, and indicate this through a red circle icon next to its name. This action will stop members of this group using their privileges effective immediately even when the individual permissions are turned on. Any existing members of the group risk losing login access, if they are not part of another access group that enables login access. The group can be reactivated at any point. 

Exporting an access control group

It is possible to export a list of all users from any of the access control groups, whether it includes all its members or a filtered list by dashboard visibility, last notification or login.

  1. Go to Administration > Access control
  2. Select an access control group
  3. Go to the Group Members tab
  4. Click on the Export option at the top of the list of employees
  5. Select any relevant filters and click on Export to download the file

Related articles

Comments

0 comments

Article is closed for comments.

Powered by Zendesk