
Assigning Roles and Permissions

Written by Ryan Bickham
Updated this week

Your organization can now control who sees what information on employee profiles through our new roles and permissions system. This gives you the flexibility to keep sensitive information secure while maintaining transparency where it matters most.

Prefer a video walkthrough? Watch the video below!

Read Full Transcript

"So at Sift, we're excited to announce that we've just released our roles and permissions feature as well as restricted attributes across the profile or chart and directory. So the first thing I wanted to walk through was our restricted attributes feature. So right now, I'm on the org chart, and I have the new and improved extended org charts enabled. And I've chosen to add a couple of restricted attributes to these cards being our salary and our last review score. So restricted attributes in Sift will allow you to add attributes to the profile page, org chart, and directory that are only visible by a certain subset of individuals.

So now we can see on all of my org chart cards, I can see salary information and the last performance review score. And this is an example of a couple of restricted attributes that we can see. I am my administrative user right now, Nealson Adocks, so I have access to the Admin Dashboard. So I can see everybody's salary info on all of these cards. But the whole point of these attributes is they are not necessarily visible for everybody. So here, we have Geralda who is the head of strategic partnerships. And one other cool thing about this new Roles and Permissions feature is we are allowing you to proxy as different users so you can see how the permissions will work when you're setting them up. So now if I go over to this new roles and permissions section and I click on this users table and I search for Geralda, I can actually click on this little view as icon right here, and I can view Sift as if she were looking at it. So if I look at if I click this icon right here, I am now logged in as Geralda. I can see her profile at the top of my screen.

I have a little indicator over here saying I'm proxying as her. And now when I go over to the org chart, I can see my salary and I can see the salaries and review scores of all the people underneath me, but I cannot see them for anybody else in the company. So, all of these people do not have their salary and performance review score visible. And in the same vein, if I go to one of these profile pages for somebody else, none of that information is visible at all. But if I go to somebody who is underneath me so if I go, for example, to Kinnie here and I go to his profile page, I can now see his salary and his last review score on his profile page. We can also use these new attributes in our search just like you can with anything else, and it would follow the same permission rules. So now if I'm here as Geralda, I can look at these last review scores, for example, in our filters, and I can go and say, "hey, I wanna see everybody who has, like, a five out of ten review score", and I can filter by that value. And you'll notice that, like, all of these scores here are only for the people where I have access.

So if I filter by five out of ten, all of these people again report underneath me in the business development department, and I can't see anybody else. So, yeah, idea is essentially I can now look at these restricted attributes for everybody else. And that default behavior, as I said, is you can kind of just add these restricted attributes, and then leaders will be able to see the values for everybody underneath them. But we also give you the opportunity to sort of customize those permissions for different use cases, which I'll show in a little bit. So going back over to the Admin Dashboard side, if I want to create one of these restricted attributes, I can just go over to this person profile section to edit all of my attributes, and this is like I would normally do it.

You'll now see this new column on this page, this restriction slash access column, which shows you whether the attribute is public. So this indicates that everybody in the platform can see it. Or if we head down to that salary attribute, for example, you will see that this is restricted, and it means that only people with permission can see that attribute. So when you are creating or editing an attribute such as salary, you'll now have this section down here called the visibility where I can essentially say, hey. This is public. Everybody can see it.

Or this is restricted, and only people who have the view restricted attributes permission will be able to see this attribute. And then I can add these to any of my features like anything else. So, for example, over here on this feature management screen, if you didn't know, you can set up which things are available in those directory filters. You can set up which things are available in those org per content cards. And when you do add these attributes to that card, it'll give you sort of a reminder, hey. This is restricted. Hey. This is public. Just so you remember that this will have limited view access to it when you're using it.

So that's a brief description of restricted attributes. So if all you really wanna do is add some profile information to Sift that only leaders can see, this is really all you need to do. You just need to go into your attribute section, create a new restricted attribute, or update what you currently have to be restricted, and then only leaders will be able to see that on the people beneath them, and nobody else will be able to see it. However, if you're looking for some more advanced permissions, we also let you customize them. So we can go over here to this roles and permissions area, and we'll see here that we have a few default roles that exist, but you can change these, customize these, add new roles as you see fit. So by default, we have a few different roles that exist. So we have the all users role, which contains everybody in your company. And what this will do is it will give everybody at your company access to edit their own profile, view their own profile, and view restricted attributes on their own profile. So these are the only things that you can never change, but everything else you can kind of customize.

This manager role gives managers access again to view those restricted attributes for people underneath them, and it also gives them access to edit profiles of those underneath them. So if you're a manager, you can add edit people's profiles who are underneath you as well if you would like to manage those pieces of information. And then this person viewer role right now is here to kind of control what other people, everybody in Sift can see. So by default, everybody in Sift can see everybody else, and this is not restricted attributes that I'm talking about. I'm talking about people can view profiles of everybody else. But we've also added the functionality in this release where you can descope that as well. So say, for example, at your company, you only want people to be able to see other people within their department.

So imagine that you have your org chart split up into an IT department, an HR department, and, like, a facilities department or something, and you only want people in HR to be able to see other people in HR, but they don't you don't want them to see anybody else in Sift at all, we can now scope that down if you want to. So, now I'm gonna go through a couple of examples of setting up a custom permission. So the first thing I wanted to do was sort of walk through how these are structured and show you an example of that last thing I was just talking about. This is sort of changing who people can view. So as an example, I'm gonna go into this person viewer role, and there's a couple of different things that make up a role in Sift. So, a role is defined as just a group of users who have a specific set of permissions. So down here, what we can do in this person viewer role that is a default role is we can manage the role the members of the role, and I can click edit here. And right now, this says everybody is in this role, for example. So, this just says everybody's in this person viewer role. And then down here, we've assigned permissions to this role, and this thing down here says view person and profile.

So if I click edit here in the same in a similar fashion, I can define what is sort of the scope of individuals that these people can view. So right now, everybody is in this role, and everybody has access to view everybody. But, for example, if I wanted to take this away and then I essentially wanted to add a filter here. You'll kind of be able to build a Sift filter like you would in a directory page. So what we can do is, for example, say that we only wanted we wanted to get everybody access to only view their own department and not view anybody else. We could use this same attribute relative filter. So what a relative filter is is this means it's relative to the person who's doing the action. So, for example, people have edit access to edit themself and view themselves. So in the same vein, if I want to give people access to view the same department as them, I can say same attribute, and then I can choose department.

And I can say save. So now, for example, if you remember, we were proxying as Geralda earlier who was in the business development department. I can once again go back and do that again. I wanna say Geralda and say view as. And now if I go over to this directory page, I only have access to see 132 team members instead of the original one thousand. If I go back to my org chart, I will now see that the head of the business development department is now at the top of the org chart instead of the CEO being at the top of the org chart. So now here, we've sort of said that, hey. People can only look at people in their own department, and they cannot look at anybody else. So that's just kind of one example that you can use for sort of limiting your view access and stuff, and that's one that we've definitely heard in the past. And I'll go and I will go and edit this back to how it was. And then one other thing that I wanted to show really quick is, like, another just normal use case of maybe changing these restricted attribute permissions.

So let's say, for example, this person, Eal Perrier, is an administrative assistant for the CEO's office. And let's say that we wanted to give him and every other administrative assistant access to view all of the restricted data within Sift, like, for whatever reason you might want it to do that. So by default, if I were to kind of proxy as this guy, he cannot view any information outside of himself. But let's say that we wanted to give our administrative assistants, because they're going to be managing the Sift platform, access to edit all of those, to view all of those restricted attributes inside of the platform. So there, what we would do is we would create a new custom role, and we would call it administrative assistance. And then we'll add a description so people know what the role is for.

So this grants access to EAs to view restricted attributes. We could say save and next. So, again, we have two things here to define. Like, the first thing we can say is, like, who is a part of this role? So there's a couple of different ways you can add people to a role. So the first way you can do it is, like, you would in another traditional system. You can, like, manually add people. So if I just wanted to add this person to the role and add every administrative assistant one by one, I could do so. But one powerful thing about this system in Sift is we're kind of taking advantage of our dynamic search capability. So what I can do here is I can actually go up to add filter, and I can say, I want to find all the people who have a job title of executive assistant as I think is his job title, actually. Let me see. Let me see what his job title is. Administrative assistant. So I can go here and I can find all of the administrative assistants.

And I can confirm. So this is basically saying everybody who is an administrative assistant is in this role. So this means if you ever add a new administrative assistant to your company or one leaves the company, they would automatically be granted this role and vice versa. So there we go. So now we're saying, I want everybody who's an administrative assistant in this role, so I'm gonna hit save and next. So we have three different types of permissions that are currently available. One is editing profiles, one is being able to look at profiles, and the third one is viewing restricted attributes. So I wanna add this view restricted attributes permission. And then up here, again, this is similar to the members page.

You're defining which people do you want to grant restricted attribute permission for. So in this example that we're doing, we said we want to let them view everybody's restricted attributes, but we could also say, oh, I want to give the administrative assistants access to view restricted attributes for only the IT department or something like that instead of everyone. But here, we're gonna say add everyone, so this just gives them access to view everybody's restricted attributes, and we wanna say save and next. So now that that is set up, if I go over to this user's page and I search for this person that we are just looking at, we can now see if I go and I click into him, we can look at his page, and we can look at, like, all of the different roles that he has.

So he has the person viewer role, the all users role, and the administrative assistance role. And then if I go and click this button and go over to Sift, I should now be able to look at the restricted attributes on everybody's profile where I cannot before. So we did sort of include these base level default roles of leaders can view people below them because we thought, hey. That's a very common way that people do these sort of permissions. But if you have something more specific, like, I want to give, like, the IT support department the ability to view all of this so they can do support things or HR leadership to assign all of them, you're able to do that as well. So that was a quick walk through of the roles and permissions feature. Thank you for listening."

What are Roles and Permissions?

A role is a group of users that are granted specific permissions. A user may belong to multiple roles. To assign users to a role, you may either add them explicitly one by one, or you can utilize the power of Sift's search and use a Dynamic Filter to define membership. For example, you could have a "Human Resources" role that would be defined by a query of department="Human Resources". Then, any time someone is added to or removed from this department, they will be added to or removed from the role accordingly.

A permission grants access to perform a specific action. The permission also includes a scope, which can limit which resources the permission applies to. For example, you could grant your "Human Resources" role access to View Restricted Attributes for only users in the "Detroit" location. Similarly to role members, scope can be defined by adding people one by one, or by using a dynamic filter.

Permission Types

We currently support three different permission types that may be assigned to each role:

  • View Person - Users with this permission can view employee profiles/org chart cards for all people in the permission scope.

  • Edit Profile - Users with this permission can edit all of the profiles in the permission scope.

  • View Restricted Attributes - Users with this permission can view restricted attributes for each person in the permission scope.

Default Roles and Permissions

Sift comes with 3 precreated roles that give your organization a baseline experience that will work for many use cases. You may not need to change these roles, or add any new roles, if the defaults are all your organization needs.

  1. The All Users role includes every user in your organization. This role gives each user permission to view and edit their own profile page. You may not update this role or its permissions.

  2. The Manager role includes every user who has any direct reports according to the org chart. You may not change the members of this role, but you can change the permissions this role grants. This role grants all managers permission to:

    1. View restricted attributes for their direct and indirect reports

    2. Edit the profile of all of their direct and indirect reports.

  3. The Person Viewer role includes every user in your organization. This role gives every user permission to view every other person in the Directory and Org Chart. You may change the members of this role, and can also change the permissions this role grants. You may want to change this role, for example, if you want to limit the scope of people that your users can view.

Creating and Managing Roles

If you'd like to assign roles beyond the default roles, you can create a custom role by clicking the "Create Role" button on the "Roles/Permissions" page. You can then assign the role members, then assign different permissions and define their scope.

Relative Filters for Permission Scope

One powerful feature of assigning permission scope is that you can use Relative Filters. As explained above, the permission scope defines which people the permission applies to for the role's members. Using relative filters, you can define the scope as something relative to the person performing the action.

For example, say that you wanted to grant every user access to view restricted attributes for people on their "Team". You would:

  1. Create a new role

  2. Assign "Everyone" (all users) as the members of the role

  3. Add the "View Restricted Attributes" permission

  4. For the permission scope, use a relative filter of "Same Attribute -> Team"

Now, when any user goes to use Sift, restricted attribute values will only be visible for people who share the same "Team" attribute value as them. Ex: if I'm on a team called "Technology Rockstars", I'd be able to view restricted attributes for any person that also has that "Team".
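The role, scope and relative-filter rules described in this article can be modelled in a few lines to reason about who ends up seeing what before you change a live role. This is an added example, not Sift's code: the class and function names and the sample people are hypothetical, and two behaviours are assumptions to confirm in your own tenant, namely that permissions from multiple roles add together and that an empty "Team" value matches nobody.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Permission:
    action: str      # e.g. "view_restricted"
    scope: Callable  # (actor, target) -> bool

@dataclass
class Role:
    name: str
    is_member: Callable  # (person) -> bool, the dynamic membership filter
    permissions: list

def everyone(*_):
    return True

def is_self(actor, target):
    return actor["id"] == target["id"]

def attr_is(attr, value):
    # Fixed filter on the last argument: the person for role membership
    # (department="Human Resources"), the target for a permission scope.
    return lambda *who: who[-1].get(attr) == value

def same_attribute(attr):
    # Relative scope ("Same Attribute -> attr"), resolved per actor.
    # Assumption: an empty or missing value matches nobody.
    def scope(actor, target):
        mine = actor.get(attr)
        return bool(mine) and target.get(attr) == mine
    return scope

def allowed(roles, actor, action, target):
    # Assumption: grants are additive across every role the actor is in.
    return any(p.action == action and p.scope(actor, target)
               for r in roles if r.is_member(actor) for p in r.permissions)

def visible_restricted(roles, actor, people):
    return sorted(t["id"] for t in people if allowed(roles, actor, "view_restricted", t))

# Constructed sample directory and role set (names are hypothetical).
PEOPLE = {p["id"]: p for p in [
    {"id": "ana", "team": "Technology Rockstars", "department": "IT", "location": "Austin"},
    {"id": "ben", "team": "Technology Rockstars", "department": "IT", "location": "Detroit"},
    {"id": "cy", "team": "Payroll", "department": "Human Resources", "location": "Austin"},
    {"id": "dee", "team": "", "department": "Facilities", "location": "Austin"},
    {"id": "eli", "team": "", "department": "Facilities", "location": "Austin"},
]}
ROLES = [
    Role("All Users", everyone, [Permission("view_restricted", is_self)]),
    Role("Team Viewer", everyone, [Permission("view_restricted", same_attribute("team"))]),
    Role("Human Resources", attr_is("department", "Human Resources"),
         [Permission("view_restricted", attr_is("location", "Detroit"))]),
]
```

Calling `visible_restricted(ROLES, PEOPLE["cy"], PEOPLE.values())` shows how an HR member's Detroit-scoped grant stacks on top of the team-relative one, which is the kind of overlap worth checking before a role goes live.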

Getting Started

The roles and permissions feature puts you in complete control of your organization's profile visibility. Start by thinking about what information different groups of people need access to, then build your roles around those needs. Remember, you can always adjust and refine as you go!
