Important Note: Your company may periodically be audited by an outside agency, and the auditor may need to see portions of your personnel files. Creating these "auditors" as restricted admins follows the same steps; the only difference is the specific data you will allow them to access. Step 5 below discusses the fields you may want to restrict for an auditor.
NOTE: If your company’s account does not have our “User Permissions” functionality enabled, you will not see an option to add a restricted administrator. There is an additional charge for this functionality. If you would like it enabled or have questions, please contact support@workbright.com.
Step 1: Create a “Group” Specific to the Restricted Admin or Auditor’s Visit
In many audit scenarios, the auditor(s) will have a specific list of employees whose personnel files they need to review. To restrict their view to JUST those employees, create a group explicitly for the audit. It is not necessary to know who will be in the group yet. Go to Settings > Groups > + New Group.
Alternatively, if you simply need to create restricted admin access for one of your admins, follow the same steps and create a group you want them to have access to. You can use any naming convention you would like for the group names you create.
Step 2: Go to Settings > Admin Users > + New Admin
Enter a name and an email address. You can either use the auditor’s email address if you would like to give them control of setting their own password, or use a company email address where you can receive the log-in invitation and set the password on their behalf.
Choose “Restricted Access,” then “Create a Permission Policy.”
Step 3: Give Them Access to Your Newly Created Group:
The first step of creating a permission policy is to determine which people the admin can access. By giving them access only to the new group you just created explicitly for this visit, you prevent them from seeing anyone who is not in that group. At the moment, that may be zero people and that is just fine -- you can add employees to the group at a later point.
Step 4: Limit Which Profile Fields the Admin Can See
Your auditor most likely does NOT need to see every field in your employees’ profiles, and certainly does not need the ability to edit those fields. To choose which fields they cannot see -- such as Pay Rate and SSN -- choose “Customize” and then add the fields to the list that you want to prevent them from seeing.
We recommend “Denying” the auditor the ability to edit any fields.
Step 5: Limit Which Form Submissions the Auditor Can See
Your auditor most likely does NOT need to see every submission in a person’s file. Health History Forms, I-9s, and other forms contain sensitive information that is often irrelevant to the audit.
Choose Customize, then add the forms individually to the list that you want to prevent the auditor from seeing. By calling out the forms specifically with a “Deny” in the “View” column of the table, you ensure that they cannot see submissions of these forms.
As with profile fields, make sure that you deny the auditor’s ability to do things like approve or reject forms.
Step 6: Deny Access to All Other Functions
The remainder of the settings in the Permissions wizard will ask you whether this admin should be able to do things like add new employees, create new forms, and run reports. In all likelihood, they do not need that functionality -- only the ability to view certain portions of certain personnel files. Therefore, choose “Deny” for all settings going forward in the wizard.
Your permissions page for the auditor should look similar to this when you’re finished -- access to a single group, view-only access to certain profile fields, view-only access to certain form submissions, no other abilities.
Step 7: Save the Policy, Finish Adding the Admin
The policy isn’t actually in effect until you click “Finish” and then add the administrator, as seen below.
Step 8: When the Audit is Underway or You Have Added Staff Members In WorkBright, Add Any Necessary Employees to the Group
Because you created this policy in a way that only gives the admin access to your newly created group, they will not be able to see any personnel files until you add people to that group. When you know which personnel files the auditor should see, you can add them to the group from the staff page using Bulk Actions > Add Staff to Group: