Managed Permissions, also known as Admin Permissions or Permission Policies, is a feature that allows you to create a customized level of permissions as a prebuilt policy for your admins that require a restricted view or scope.
Note: Admins under Managed Permissions will not have access to the top-level Settings menu or the API key and webhook settings (if applicable).
In this article we will go over:
Where to find Managed Permissions
Start by going to your settings view by clicking on “Settings” in your navigation bar.
Once on the settings view you will navigate to the side bar on the right side of your screen. You will see that “Admin Permissions” has been added to your “Company” section. Click on “Admin Permissions” to open this page.
Creating a New Policy
On this page, you will see the ability to create a new policy, see the policies that have been created, and make edits to already created policies.
Let's first look at creating a new policy. Click the “New Policy” button.
This takes us to the first page in our setup.
Step 1: Policy Name
Name your policy, We suggest a distinct title that will be easy to identify and differentiate from others.
Note: Policy names cannot be changed after they are created.
Once you have named your policy, you can proceed to the next step by clicking “Next”.
Step 2: Profile Fields
Here you will select the level of access to fields you will want to allow for your admins under this policy.
Read-only access to basic profile info: Name, Address, Email and Phone
Read-only access to all profile info (including custom fields)
View and change all profile info (including custom fields)
Customize
This note will populate on Steps 2 and 3 to remind you of the access level you are setting.
NOTE: If you restrict specific field access, but then configure access to include a form that contains that field, the administrator WILL be able to see/download/report on that entire form, INCLUDING the restricted field.
If you pick any of the first three options, you will move to Step 3. If you choose “Customize,” you will move to this page next.
Here you will see a few different spots that you can interact with to customize your admin's level of accessibility to these fields.
Let's start with the main box where you will see “SSN” and “All other fields” in this box you will see four columns:
Field - The name of the field that you are creating an access level to.
View - A toggle switch (Allow or Deny) that selects if this policy will allow your admins in this policy to have visibility into this field
Deny - will not give visibility to the admins in this policy
Allow - will give visibility to the admins in this policy and will create access to the Other Actions Toggle.
Other Actions - This toggle (Allow or Deny) will allow you to give an additional layer of permissions to this field. The Action is indicated in the text on the right-hand side of the toggle in this case “Edit”. If this toggle is turned to “Allow,” your admins in this policy will be able to Edit this field as well as view it.
Remove - Indicated with a grayn “x” icon which allows you to remove the row and the field that is added.
Now that we have covered the parts of the box, let's look at the “Add a Field” button.
When you click “Add a Field” a small window will open that will show you the collection of fields you can add and how many there are to add.
When you click into one of the options, it will show you all of the available fields. If you want to go back to select from the other field collection, you can click the “<” at the top of this window, and it will take you to the previous view.
Whatever you select in this window will be populated in the main box we reviewed earlier.
Once you are happy with all your permissions, you can click “Next” to move to Step 3, or you can click “Previous” to go back to a page.
Step 3: Forms
Here, you will select the level of access to forms you will want to allow for your admins under this policy.
Read-only access to all submissions
View all submissions and be able to only Request New Submissions and Accept/Reject
View all submissions and perform all actions
Customize
As you can see there is the same note about restricted field access shared in step 2.
If you pick any of the first three options you will move to Step 4. If you choose “Customize” you will move to this page next.
Here you will see a few different spots that you can interact with to customize your admins level of accessibility to these fields.
This will be similar to the customized options you saw in section 2 with the same functionality.
The main differences in this section will be forms and not for fields. You will also see that the second column has the additional action of download added to this toggle option.
Once you are happy with all your permissions you can click “Next” to move to Step 4, or you can click “Previous” to go back a page.
Step 4: Employee Management
Here you will select what additional levels of control you will allow admins in this policy via a simple toggle with Allow or Deny.
Change which groups staff belong to
Re-hire or change employment dates
Deactivate (or re-activate) staff
Delete staff entirely from WorkBright
View supplemental file attachments
Add and modify supplemental file attachments
Once you are happy with all your permissions you can click “Next” to move to Step 5 or you can click “Previous” to go back a page.
Step 5: Other People
Here you will select the level of visibility to groups that the admin is not assigned to for this admin policy.
No access (and hide from the Staff page).
Read-only access to basic profile info (Name, Email, Address, Phone), but no access to forms.
Read-only access to all profile info (including custom fields), but no access to forms.
Read-only access to all profile info and form submissions.
Once you are happy with all your permissions you can click “Next” to move to Step 6, or you can click “Previous” to go back a page.
Step 6: Other Actions
Select what other features you will allow admins to access in this policy via a simple toggle with Allow or Deny.
Add staff
Set Up Forms
Run and Save Reports
Once you are happy with all your permissions you can click “Next” to move to our final step, Step 7 or you can click “Previous” to go back a page.
Step 7: Summary
This will be a visual overview of the policy you created.
Once you are happy with all your permissions, you can click “Save” or you can click “Previous” to go back a page.
Once the permission policy is saved, you will be taken back to the main window, where you can see the policies you had made previously and the policy you have just created.
Now that we have learned to make a policy, let's look into how we can “Preview” or “Edit” a policy.
Previewing a Policy
On the main page of Admin permissions, we will see our Permission Policies. To see what access level that policy has, we will click on the “Preview” button.
This will open up a side window that will display a summary of the permission policy you selected to review.
To exit this view you can select the x in the top-right of the side window or you can click outside the side window and it will disappear.
Now let's look at how we can edit an existing Permission Policy.
How to Edit a Policy
Click on the dropdown icon next to the Preview button toreveal the “Edit” button.
This will open up steps that look similar to when you would create a new policy, with a few key differences.
You will see that it indicates that you are editing in the top part of this window.
You will also see that you are unable to update the name of the policy.
The final difference is that you will not be starting from scratch; everything that you had set up in your policy will be there and toggled to the settings you last configured them at.
You will follow the same steps until you reach step 7, where you can save the edits to your policy.
If you need to delete a policy, reach out to our support team, and they will be able to help facilitate this for you.
Managed Permissions is a feature that is available to everyone in our Premium Tier. If you would like to learn more about this or how to add it to your account reach out to AD@workBright.com.