Each employee account (profile) contains a set of fields that store specific information in the system, such as employment type, education, phone number, or custom fields. These are typically filled in by the user creating the profile and can later be made available for editing by other users.
Whether a user can edit data in employee profiles depends on their permission group. You can create and edit permission groups under Settings > User permissions.
Setting Up Employee Permissions
To allow employees to edit profile data, assign them one of the following permission sets:
Option 1: Limited Management Access
Allows editing of: Own profile, subordinates’ profiles, and profiles they created
App/Feature | Access to module/feature | Creating new records | Managing records (edit/delete) |
---|---|---|---|
Employees | Yes | Yes/No | Manage only own records |
Option 2: Full Administrative Access
Allows editing of: Own account and all other user accounts
App/Feature | Access to module/feature | Creating new records | Managing records (edit/delete) |
---|---|---|---|
Employees | Yes | Yes/No | Admin module |
Option 3: No Editing Access
Result: User cannot edit their own account, subordinates’ accounts, or other employees’ profiles. They also cannot change their password.
App/Feature | Access to module/feature | Creating new records | Managing records (edit/delete) |
---|---|---|---|
Employees | Yes | Yes/No | No |
Important: If you remove all editing permissions, users won’t be able to change their passwords.
Configuring Self-Service Settings
Once you’ve granted editing permissions, you can specify exactly which fields employees can modify.
Where to configure: Settings > Settings > Employees > Self-service
Here you’ll find a list of available profile fields with configuration options for four different user roles:
- Employee
- Direct Manager
- Employee Account Creator
- Employee Database Administrator
This allows you to control which fields each employee can edit themselves, which their manager can modify, and which require administrator access.
Understanding User Roles
- Employee – define what an employee can change in their own profile.
Tip: If users log in using the classic form with username and password, ensure they retain password editing rights so they can reset forgotten passwords. - Manager- determine what a direct manager can edit in their subordinates’ profiles.
- Account Creator – specify which data can be edited by the user who created the employee account.
- Employee Database Administrator – indicate which data can be edited across all employee profiles.
How Roles Combine
Multiple roles = Combined permissions
If a user has multiple roles simultaneously, their final editing scope will be the sum of permissions granted across all relevant columns.
Example Scenario
A user has permissions to create new employee accounts and manage their own records. They’ve created two accounts: one subordinate and one other employee. They’re also a manager of other people whose accounts were created by an administrator.
Their editing permissions:
- ✅ Own profile: Scope defined in “Employee” column
- ✅ Subordinate they created: Scope from “Direct Manager” + “Employee Account Creator” columns
- ✅ Subordinate created by admin: Scope from “Direct Manager” column only
- ✅ Employee they created but assigned to another manager: Scope from “Employee Account Creator” column only
- ❌ Other employees’ profiles: No editing access
Best Practices
For password security: Always allow employees to edit their own passwords if using traditional login methods.
For data accuracy: Consider giving managers editing rights for key employment details of their team members.
For privacy: Restrict sensitive fields (like salary information) to administrators only.