Manage Roles

Manage Roles

Users are people that work within UKG HR Service Delivery solutions. Users can be Administrators, Human Resource Business Partners, or Payroll representatives - any person that regularly uses the system to complete their job tasks and responsibilities. Each role includes permissions that define the actions that an associated user can perform in UKG HR Service Delivery solutions.

Users with administrative permissions assign roles to other users. These roles determine what a user can do on the platform. Each user has at least one profile consisting of two parts; a role and a scope. The role and scope define two distinct aspects of the profile. User accounts include:
  • Personal/user information
  • User profile or profiles
    • Role: What can I do? - The permissions granted to your role determine the actions you are allowed to take in the platform. The job responsibilities of a role determine which permissions are added to the role in the Document Manager solution. For example, a Payroll user would not have permission to manage imports as doing so is likely outside of their primary job responsibilities.
    • Scope: Which employees can I see? - The scope determines which employees and documents a user can interact with. You are only allowed to interact with platform information that is available to you via your scope. The symbol after the role name defines the scope and describes which organization or organization group the role can interact with.
      • The = grants visibility to the selected organization only.
      • The ≤ grants visibility to the selected organization and its suborganizations.

You can have more than one profile in HR Service Delivery solutions. In the UKG Document Manager solution or the UKG People Assist solution, select the user image in the sidebar navigation menu to access or switch your active user profile. Upon login, the platform defaults to the profile last used by the user.

Note Roles integrate from your HRIS platform. Role names and codes in HR Service Delivery solutions must match your HRIS. If you have an HRIS integration, we recommend first adding or modifying roles in your HRIS. Allow the synchronization to update information in the HR Service Delivery solution.

Update an Existing Role

From the Profile area on the user's User accounts page, you can modify a role's name, permissions, and access to employees, documents, or requests.

Navigation:Menu > Admin > Users > Roles and Permissions > Select the Role

  1. From the Users section, select Roles and Permissions.
  2. Select the role you would like to update.
  3. Update the role name, permissions, and rights on employee and company documents.
    Note The code cannot be changed or updated once a Role has been created.
  4. When you are finished, select Save Role.
    This image shows the location of the Roles and Permissions tab on the Users page.

Add a Role

Whether you have the UKG HR Service Delivery suite or one of itssolutions, all roles must be added in your HRIS and the UKGHR Service Delivery Document Manager solution. Verify that the role code is identical between the HRIS and HR Service Delivery platforms for proper integration.

Navigation:Admin > Users > Roles and Permissions > New Role
Tip You can only add new roles in the UKG Document Manager solution. The roles automatically migrate to the UKG People Assist solution.
  1. From the Roles and Permissions tab, select the New Role button.
  2. Name: enter the name of the new Role
  3. Code: enter a code
  4. Select Receive Notifications for Distribution Projects Awaiting Validation, if necessary. This option sends notifications to users about confirming distribution projects.
  5. Select the role permissions, rights on employee documents, and rights on company documents. Select the relevant permissions for the role, you receive an error message if you select permissions that are not logical with each other.
  6. Select Create Role to save.Screenshot of Document Manager interface on the new role page illustrating the required Name and Code fields, the permissions settings, and rights on employee and company documents.

Role Permissions in Document Manager

Role permissions grant or restrict access to actions on the platform. Some permissions configured in the UKG Document Manager apply to the HR Service Delivery platform and some apply only to Document Manager.

Table 1. General Permissions — Employees
PermissionDescription
View Private Custom FieldsAllows users to view employee private custom fields in the employee's profile, employee document metadata, and advanced search criteria. The View Employees permission is also required to activate this permission.
Manage EmployeesAbility to add an employee manually (in the Employees section - not through the Employee Import). Also, the ability to update an employee's profile manually, and delete individual employees. The View Employees permission is also required for the Manage Employees permission.
Manage Employee SAML TokensUser can change or delete Security Assertion Markup Language (SAML) token data in the employee profile. New or updated employee SAML tokens may be necessary if:
  • The company is rehiring a former employee

  • An existing employee changes position

The Manage Employees permission is also required to activate this permission.

Manage Employee DeletionAbility to permanently delete an employee profile, including the employee's documents and resources. After deleting an employee profile, the remain employee documents or signatures become anonymous. This option is available to roles that also have permissions to View Employees and Manage Employees.
View EmployeesAbility to view an employee's profile, history, and notes and reminders (within that user's scope).
View Employees Without Registration ReferencesAbility to view employees even if that employee does not have a registration reference. The View Employees permission is also required to activate this permission.
View Former EmployeesAllows users to view terminated employees and current employees that were previously, but are no longer, in their scope. The View Employees permission is also required to activate this permission.
Table 2. General Permissions — Distributions
PermissionDescription
Manage All Distributions Ability to add, change, download, and delete all distribution projects.
Manage Distributions Created By UsersAbility to add, change, download, and delete distribution projects created manually by other users.
Table 3. General Permissions — Employee Vault
Note Employee Vault is not available for North American customers.
PermissionDescription
Export Invitation Codes for Vault ActivationAbility to export vault activation codes for employees with no email address. The View Employees and Manage Employees permissions are also required to use this permission.
Manage All DistributionsAbility to add, change, download, and delete all distribution projects.
Manage Distributions Created By UsersAbility to add, change, download, and delete distribution projects created manually by other users.
Manage MailingsAbility to add, change, and delete mass mailings.
Receive Vault Deletion Notifications on the Homepage and By EmailAdministrators can activate this permission for roles that must receive notification when an employee requests the deletion of their Employee Vault. Notifications are received on the Document Manager homepage and by email.
Send Documents to the Employee Vault Allows users to send a document to the employee’s Employee Vault. Role must have Access Employee Documents permission to use this feature.
View Vault Activation StatusAllows you to enable the visibility of Employee Vault activation status by role. If this permission is not activated, users cannot send document to the Employee Vault or manage mass mailings.
Table 4. General Permissions — Documents
PermissionDescription
Access Company DocumentsThe umbrella permission that gives users access to Company Documents. Which Company Document Types, and the actions a user can perform are determined on the Document Type level. This permission is required if you want this role to be able to perform any action on any particular company document.
Access Employee DocumentsThe umbrella permission that gives users access to Employee Documents. Which Employee Document Types, and the actions a user can perform are determined on the Document Type Level. This permission is required if you want this role to be able to perform any action on any particular employee document.
Manage Document GenerationAbility to generate a document for an employee. This permission, alone, does not give the ability to manage the template; rather, only use a template to generate against. The permission Manage Document Deposits, Access Employee Documents, and View Employees are all required to use this permission.
Manage Campaign GenerationAbility to create communication campaigns in Document Manager.
Manage Document DepositsAbility to upload documents (Manage Document Deposits is an umbrella setting: a role must have the Document Type Level Permission Upload, and this permission marked as Yes. A role requires permission to either Access Employee Documents and/or Access Company Documents to have this permission.
Manage Documents Past Retention PeriodAbility to access the Document Past Retention Period folder in an employee's folder. This permission allows you to view and trash documents that are past their retention period.
Manage Document DeletionAbility to view and manage (either review or permanently delete documents) in an employee's Trash subfolder. You can view, revive, and permanently delete documents that have already been marked as Deleted from an employee's folder. A user maintains their Document-Type Level Permissions in other respects. For example, a user cannot delete a document type that they do not have permissions to view.
Manage Legal HoldsAllows users to initiate a legal procedure with an employee directly from Document Manager. Adding a legal hold to an employee document creates a copy of the original at the time a legal hold was added. A legal hold document cannot be deleted or edited. Documents in a legal hold cannot expire. When a legal hold is deleted, the copied documents inside the folder are deleted.
Manage Shared FoldersAbility to create and share a Shared folder with other users, employees, and guests. You can also manage those Shared Folders' permission. Also the ability to update or delete their own Shared Folder. A role must also have at least either Access Employee Documents or Access Company Documents to be able to add documents into Shared folder.
Send Documents to the Employee by EmailAllows users to share documents via email with employees. If this permission is not selected, documents can only be sent to an employee in a Shared Folder. Role must have Share document permission to use this feature.
Table 5. General Permissions — Platform Administration
PermissionDescription
Export Employee List by .CSVAllows users to export the list of employees in a .csv file that contains sensitive personal data.
Manage Employee ImportsAbility to import a .CSV file for your employee population onto the platform. Also the ability to view the import history of your employee imports. The import history includes the ten latest imports with information about:
  • Date/time stamp of the import status
  • Number of rows
  • Rows created/updated/had errors
  • Access to the source CSV, Import Report, and Error Report
Manage Custom FieldsAbility to add and change Custom Fields on the platform. Only Document Manager support can delete custom fields and modify "List" values.
Manage Data SetsAbility to create data sets, update existing ones, and view content.
Manage Document TemplatesAbility to create, edit (for example, publish or schedule) and delete document templates. Permission to Manage Document Types and Folders is required to add and use this permission.
Manage Document Types, Folders and Retention PoliciesAbility to add, change, and delete Document Folders and Document Types from the platform. Also includes the ability to define and administer Retention Policies, metadata, and document-type level access restriction. This permission applies to both Employee Documents and Company Documents.
Manage OrganizationsAbility to add, change, delete, and export Organizations directly onto the platform (not imports). Also, the ability to add, change, and delete Organization Groups.
Manage Organization ImportsAbility to import a .CSV file for your organization tree onto the platform. Also the ability to view the import history of your organization imports. The import history includes the ten latest imports with information about:
  • Date/time stamp of the import
  • Status
  • Number of rows
  • Rows create/updated/had errors
  • Access to the source CSV, Import Report, and Error Report
Manage SettingsAbility to whitelist IP addresses, define session expiration, and define password management settings on a role-by-role basis. Also, the ability to change the platform's logo icon.
Manage Signature TypesAbility to access the Signature Types tab and manage simple or advanced electronic signature types.
Manage RolesAbility to add, modify, and delete roles within the platform. Management of roles includes ability to change both General Permissions and Document-Level Permissions. Changes made to Roles impact all users that have Profiles of that Role.
Manage UsersAbility to create user accounts, assign roles to users, modify, and delete existing users. Also the ability to create, modify, and delete Team Inboxes.
Manage Retention Policies for Digital Process Manager and Request ManagerAbility to create, update, and delete for requests and processes in the People Assist solution.
Third-Party Apps ManagementAbility to view and control third-party apps in Site Settings.
View the Event LogAbility to acess the Audit Trail module and review the event logs to monitor and audit platform activity.
Table 6. General Permissions — Signature
PermissionDescription
Manage SignaturesAbility to view the Signature tab, including any Signatures that have already been sent or received. Ability to send Reminders to Signatures that are pending and preview the documents and download a .CSV of previously sent Signatures. This permission does not allow a user to cancel a Signature, or otherwise change it.
Manage Signature CreationAbility to view, create, send reminders, download, and cancel signatures that a user has launched. If a user can Manage Signature Creation without the Manage Signatures permission, they cannot see signatures that other users have sent. A user can only send a document for signature that is tied to a Document Type that they can upload.
Table 7. General Permissions — Statistics
Note Employee Vault is not available for North American customers.
PermissionDescription
View StatisticsAbility to view the Statistics tab, which includes statistics about employees, documents, Employee Vault*, and signatures.

Role Permissions in People Assist solution

All roles are created in the UKG Document Manager solution. However, the permissions for a role are assigned in either the Document Manager or People Assist solution.

In the People Assist solution, role permissions are configured in the Admin section.

Admin > Users > Roles > Select role

Table 8. Request Permissions
PermissionDescription
Access the Employee Information and Request History page Ability to access the requesting employee's details including:
  • Profile information (a user can only view information allowed by their permissions and scope)

  • System statistics

  • History of requests

View Requests Ability to view lists of employee requests based on the user's scope. Depending on People Assist configuration, this permission allows you to write messages on a request, edit request fields, and execute request actions.
Can See Request Metadata Can see request assignee, status, link requests
Archive RequestsCan archive request from status > archive option
Create RequestsCan create requests for an employee
Can Manage Request Status, Priority, and Access Level
  • Access management modal from request details page

  • Change status, priority

Table 9. Process Permissions
PermissionDescription
Access the Process Tab and View List of Processes
  • Launch processes

  • Access the Processes Created by Me tab

  • View processes according to scope and assignment.

Create, Edit, and Delete Processes, and Can Own Processes
  • Create and edit processes

  • Cancel incomplete processes that you created

  • Delete processes

Tip You cannot delete a process after it has launched on the platform. You must cancel launched processes via API.
Table 10. Knowledge Base Permissions
PermissionDescription
Create and Use Answer Templates
  • Create answer templates that send standardized messages and feedback

  • Ability to access and use answer templates

View Article RatingsAbility to view an article's employee feedback as a standardized rating
View Knowledge Base ArticlesView articles published in the knowledge base
Create, Edit, and Delete Knowledge Base ArticlesAccess to create and update articles in the knowledge base
Create, Edit, and Delete Knowledge Base FilesAccess to create and update files in knowledge base articles
Table 11. Statistics
PermissionDescription
View Own StatisticsView standard statistics for your activity in the system
View All (Global) StatisticsView all statistics available on the platform
Access the Statistic Dashboard for Processes and TasksView standard statistics for the Digital Process Manager solution
Table 12. Administration Permissions
PermissionDescription
Access All Processes and All Requests from All OrganizationsAccess details pages of requests that are not from my organization
Can Bulk-Export ItemsExport request modal, accessible from All Requests and Request Create by Me tabs
Delete RequestsCan delete requests that are in the status Archived
Create, Edit, and Delete CategoriesManage legacy knowledge base categories
Create, Edit, and Delete Process Templates, and Edit or Cancel Processes Created by Other UsersAccess to create and update process templates used in process configuration
Create, Edit, and Delete Forms to be Used in ProcessesAccess to create and update forms used in process configuration
Create, Edit, and Delete Forms to be Used in RequestsAccess to create and update forms used in request management
Create, Edit, and Delete RolesAbility to create or update roles
Create, Edit, and Delete RulesAbility to create or update trigger rules.
Create, Edit, and Delete Orchestration TriggersOn the trigger creation/edition page, enables the action Trigger an Orchestration
Create, Edit, and Delete TeamsAbility to create or update teams.
Create, Edit, and Delete UsersAbility to create or update user information.
View Admin LogsAbility to view log of administrative actions.