Manage Roles
Manage Roles
Users are people that work within UKG HR Service Delivery solutions. Users can be Administrators, Human Resource Business Partners, or Payroll representatives - any person that regularly uses the system to complete their job tasks and responsibilities. Each role includes permissions that define the actions that an associated user can perform in UKG HR Service Delivery solutions.
Users with administrative permissions assign roles to other users. These roles determine what a user can do on the platform. Each user has at least one profile consisting of two parts; a role and a scope. The role and scope define two distinct aspects of the profile. User accounts include:
- Personal/user information
- User profile or profiles
- Role: What can I do? - The permissions granted to your role determine the actions you are allowed to take in the platform. The job responsibilities of a role determine which permissions are added to the role in the Document Manager solution. For example, a Payroll user would not have permission to manage imports as doing so is likely outside of their primary job responsibilities.
- Scope: Which employees can I see? - The scope determines which employees and documents a user can interact with. You are only allowed to interact with platform information that is available to you via your scope. The symbol after the role name defines the scope and describes which organization or organization group the role can interact with.
- The = grants visibility to the selected organization only.
- The ≤ grants visibility to the selected organization and its suborganizations.
You can have more than one profile in HR Service Delivery solutions. In the UKG Document Manager solution or the UKG People Assist solution, select the user image in the sidebar navigation menu to access or switch your active user profile. Upon login, the platform defaults to the profile last used by the user.
Note Roles integrate from your HRIS platform. Role names and codes in HR Service Delivery solutions must match your HRIS. If you have an HRIS integration, we recommend first adding or modifying roles in your HRIS. Allow the synchronization to update information in the HR Service Delivery solution.
Update an Existing Role
From the Profile area on the user's User accounts page, you can modify a role's name, permissions, and access to employees, documents, or requests.
- When you are finished, select Save Role.
Add a Role
Whether you have the UKG HR Service Delivery suite or one of itssolutions, all roles must be added in your HRIS and the UKGHR Service Delivery Document Manager solution. Verify that the role code is identical between the HRIS and HR Service Delivery platforms for proper integration.
Tip You can only add new roles in the UKG Document Manager solution. The roles automatically migrate to the UKG People Assist solution.
- From the Roles and Permissions tab, select the New Role button.
- Name: enter the name of the new Role
- Code: enter a code
- Select Receive Notifications for Distribution Projects Awaiting Validation, if necessary. This option sends notifications to users about confirming distribution projects.
- Select the role permissions, rights on employee documents, and rights on company documents. Select the relevant permissions for the role, you receive an error message if you select permissions that are not logical with each other.
- Select Create Role to save.
Role Permissions in Document Manager
Role permissions grant or restrict access to actions on the platform. Some permissions configured in the UKG Document Manager apply to the HR Service Delivery platform and some apply only to Document Manager.
| Permission | Description |
|---|---|
| View Private Custom Fields | Allows users to view employee private custom fields in the employee's profile, employee document metadata, and advanced search criteria. The View Employees permission is also required to activate this permission. |
| Manage Employees | Ability to add an employee manually (in the Employees section - not through the Employee Import). Also, the ability to update an employee's profile manually, and delete individual employees. The View Employees permission is also required for the Manage Employees permission. |
| Manage Employee SAML Tokens | User can change or delete Security Assertion Markup Language (SAML) token data in the employee profile. New or updated employee SAML tokens may be necessary if:
The Manage Employees permission is also required to activate this permission. |
| Manage Employee Deletion | Ability to permanently delete an employee profile, including the employee's documents and resources. After deleting an employee profile, the remain employee documents or signatures become anonymous. This option is available to roles that also have permissions to View Employees and Manage Employees. |
| View Employees | Ability to view an employee's profile, history, and notes and reminders (within that user's scope). |
| View Employees Without Registration References | Ability to view employees even if that employee does not have a registration reference. The View Employees permission is also required to activate this permission. |
| View Former Employees | Allows users to view terminated employees and current employees that were previously, but are no longer, in their scope. The View Employees permission is also required to activate this permission. |
| Permission | Description |
|---|---|
| Manage All Distributions | Ability to add, change, download, and delete all distribution projects. |
| Manage Distributions Created By Users | Ability to add, change, download, and delete distribution projects created manually by other users. |
| Permission | Description |
|---|---|
| Export Invitation Codes for Vault Activation | Ability to export vault activation codes for employees with no email address. The View Employees and Manage Employees permissions are also required to use this permission. |
| Manage All Distributions | Ability to add, change, download, and delete all distribution projects. |
| Manage Distributions Created By Users | Ability to add, change, download, and delete distribution projects created manually by other users. |
| Manage Mailings | Ability to add, change, and delete mass mailings. |
| Receive Vault Deletion Notifications on the Homepage and By Email | Administrators can activate this permission for roles that must receive notification when an employee requests the deletion of their Employee Vault. Notifications are received on the Document Manager homepage and by email. |
| Send Documents to the Employee Vault | Allows users to send a document to the employee’s Employee Vault. Role must have Access Employee Documents permission to use this feature. |
| View Vault Activation Status | Allows you to enable the visibility of Employee Vault activation status by role. If this permission is not activated, users cannot send document to the Employee Vault or manage mass mailings. |
| Permission | Description |
|---|---|
| Access Company Documents | The umbrella permission that gives users access to Company Documents. Which Company Document Types, and the actions a user can perform are determined on the Document Type level. This permission is required if you want this role to be able to perform any action on any particular company document. |
| Access Employee Documents | The umbrella permission that gives users access to Employee Documents. Which Employee Document Types, and the actions a user can perform are determined on the Document Type Level. This permission is required if you want this role to be able to perform any action on any particular employee document. |
| Manage Document Generation | Ability to generate a document for an employee. This permission, alone, does not give the ability to manage the template; rather, only use a template to generate against. The permission Manage Document Deposits, Access Employee Documents, and View Employees are all required to use this permission. |
| Manage Campaign Generation | Ability to create communication campaigns in Document Manager. |
| Manage Document Deposits | Ability to upload documents (Manage Document Deposits is an umbrella setting: a role must have the Document Type Level Permission Upload, and this permission marked as Yes. A role requires permission to either Access Employee Documents and/or Access Company Documents to have this permission. |
| Manage Documents Past Retention Period | Ability to access the Document Past Retention Period folder in an employee's folder. This permission allows you to view and trash documents that are past their retention period. |
| Manage Document Deletion | Ability to view and manage (either review or permanently delete documents) in an employee's Trash subfolder. You can view, revive, and permanently delete documents that have already been marked as Deleted from an employee's folder. A user maintains their Document-Type Level Permissions in other respects. For example, a user cannot delete a document type that they do not have permissions to view. |
| Manage Legal Holds | Allows users to initiate a legal procedure with an employee directly from Document Manager. Adding a legal hold to an employee document creates a copy of the original at the time a legal hold was added. A legal hold document cannot be deleted or edited. Documents in a legal hold cannot expire. When a legal hold is deleted, the copied documents inside the folder are deleted. |
| Manage Shared Folders | Ability to create and share a Shared folder with other users, employees, and guests. You can also manage those Shared Folders' permission. Also the ability to update or delete their own Shared Folder. A role must also have at least either Access Employee Documents or Access Company Documents to be able to add documents into Shared folder. |
| Send Documents to the Employee by Email | Allows users to share documents via email with employees. If this permission is not selected, documents can only be sent to an employee in a Shared Folder. Role must have Share document permission to use this feature. |
| Permission | Description |
|---|---|
| Export Employee List by .CSV | Allows users to export the list of employees in a .csv file that contains sensitive personal data. |
| Manage Employee Imports | Ability to import a .CSV file for your employee population onto the platform. Also the ability to view the import history of your employee imports. The import history includes the ten latest imports with information about:
|
| Manage Custom Fields | Ability to add and change Custom Fields on the platform. Only Document Manager support can delete custom fields and modify "List" values. |
| Manage Data Sets | Ability to create data sets, update existing ones, and view content. |
| Manage Document Templates | Ability to create, edit (for example, publish or schedule) and delete document templates. Permission to Manage Document Types and Folders is required to add and use this permission. |
| Manage Document Types, Folders and Retention Policies | Ability to add, change, and delete Document Folders and Document Types from the platform. Also includes the ability to define and administer Retention Policies, metadata, and document-type level access restriction. This permission applies to both Employee Documents and Company Documents. |
| Manage Organizations | Ability to add, change, delete, and export Organizations directly onto the platform (not imports). Also, the ability to add, change, and delete Organization Groups. |
| Manage Organization Imports | Ability to import a .CSV file for your organization tree onto the platform. Also the ability to view the import history of your organization imports. The import history includes the ten latest imports with information about:
|
| Manage Settings | Ability to whitelist IP addresses, define session expiration, and define password management settings on a role-by-role basis. Also, the ability to change the platform's logo icon. |
| Manage Signature Types | Ability to access the Signature Types tab and manage simple or advanced electronic signature types. |
| Manage Roles | Ability to add, modify, and delete roles within the platform. Management of roles includes ability to change both General Permissions and Document-Level Permissions. Changes made to Roles impact all users that have Profiles of that Role. |
| Manage Users | Ability to create user accounts, assign roles to users, modify, and delete existing users. Also the ability to create, modify, and delete Team Inboxes. |
| Manage Retention Policies for Digital Process Manager and Request Manager | Ability to create, update, and delete for requests and processes in the People Assist solution. |
| Third-Party Apps Management | Ability to view and control third-party apps in Site Settings. |
| View the Event Log | Ability to acess the Audit Trail module and review the event logs to monitor and audit platform activity. |
| Permission | Description |
|---|---|
| Manage Signatures | Ability to view the Signature tab, including any Signatures that have already been sent or received. Ability to send Reminders to Signatures that are pending and preview the documents and download a .CSV of previously sent Signatures. This permission does not allow a user to cancel a Signature, or otherwise change it. |
| Manage Signature Creation | Ability to view, create, send reminders, download, and cancel signatures that a user has launched. If a user can Manage Signature Creation without the Manage Signatures permission, they cannot see signatures that other users have sent. A user can only send a document for signature that is tied to a Document Type that they can upload. |
| Permission | Description |
|---|---|
| View Statistics | Ability to view the Statistics tab, which includes statistics about employees, documents, Employee Vault*, and signatures. |
Role Permissions in People Assist solution
All roles are created in the UKG Document Manager solution. However, the permissions for a role are assigned in either the Document Manager or People Assist solution.
In the People Assist solution, role permissions are configured in the Admin section.
| Permission | Description |
|---|---|
| Access the Employee Information and Request History page | Ability to access the requesting employee's details including:
|
| View Requests | Ability to view lists of employee requests based on the user's scope. Depending on People Assist configuration, this permission allows you to write messages on a request, edit request fields, and execute request actions. |
| Can See Request Metadata | Can see request assignee, status, link requests |
| Archive Requests | Can archive request from status > archive option |
| Create Requests | Can create requests for an employee |
| Can Manage Request Status, Priority, and Access Level |
|
| Permission | Description |
|---|---|
| Access the Process Tab and View List of Processes |
|
| Create, Edit, and Delete Processes, and Can Own Processes |
Tip You cannot delete a process after it has launched on the platform. You must cancel launched processes via API.
|
| Permission | Description |
|---|---|
| Create and Use Answer Templates |
|
| View Article Ratings | Ability to view an article's employee feedback as a standardized rating |
| View Knowledge Base Articles | View articles published in the knowledge base |
| Create, Edit, and Delete Knowledge Base Articles | Access to create and update articles in the knowledge base |
| Create, Edit, and Delete Knowledge Base Files | Access to create and update files in knowledge base articles |
| Permission | Description |
|---|---|
| View Own Statistics | View standard statistics for your activity in the system |
| View All (Global) Statistics | View all statistics available on the platform |
| Access the Statistic Dashboard for Processes and Tasks | View standard statistics for the Digital Process Manager solution |
| Permission | Description |
|---|---|
| Access All Processes and All Requests from All Organizations | Access details pages of requests that are not from my organization |
| Can Bulk-Export Items | Export request modal, accessible from All Requests and Request Create by Me tabs |
| Delete Requests | Can delete requests that are in the status Archived |
| Create, Edit, and Delete Categories | Manage legacy knowledge base categories |
| Create, Edit, and Delete Process Templates, and Edit or Cancel Processes Created by Other Users | Access to create and update process templates used in process configuration |
| Create, Edit, and Delete Forms to be Used in Processes | Access to create and update forms used in process configuration |
| Create, Edit, and Delete Forms to be Used in Requests | Access to create and update forms used in request management |
| Create, Edit, and Delete Roles | Ability to create or update roles |
| Create, Edit, and Delete Rules | Ability to create or update trigger rules. |
| Create, Edit, and Delete Orchestration Triggers | On the trigger creation/edition page, enables the action Trigger an Orchestration |
| Create, Edit, and Delete Teams | Ability to create or update teams. |
| Create, Edit, and Delete Users | Ability to create or update user information. |
| View Admin Logs | Ability to view log of administrative actions. |
© 2023 UKG Inc. All rights reserved. For a full list of UKG trademarks, visit https://www.ukg.com/trademarks. All other trademarks, if any, are the property of their respective owners.
This document and all information contained herein are provided to you "AS IS" and UKG Inc. and its affiliates (collectively "UKG") make no representation or warranties with respect to the accuracy, reliability, or completeness of this document, and UKG specifically disclaims all warranties, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose. The information in this document is subject to change without notice. The document and its content are confidential information of UKG and may not be disseminated to any third party. No part of this document or its content may be reproduced in any form or by any means or stored in a database or retrieval system without the prior written authorization of UKG. Nothing herein constitutes legal, tax, or other professional advice. All legal, tax, or other questions or concerns should be directed to your legal counsel, tax consultant, or other professional advisor. All company, organization, person, and event references are fictional. Any resemblance to actual companies, organizations, persons, and events is entirely coincidental.