Understanding Permissions, Authorization, and Roles
Learn how to effectively establish your organization’s hierarchy in WorkCompass.
Concept
WorkCompass utilizes a simple hierarchical structure that determines user access and permissions. Each role, referred to as "Authorization" in WorkCompass, cascades from the previous one, meaning higher roles inherit the permissions of lower roles.
Employee
An Employee is the primary user type in the system, allowing them to create, view, and update their performance plan.
Manager
A Manager is a user type typically assigned to employees who have subordinates or manage a team. This authorization allows them to review and manage their subordinates' performance plans and update their profiles.
Divisional Admin
A Divisional Admin has permission to manage all aspects of the division(s) assigned to them. This role is typically given to individuals overseeing multiple teams and managers, with responsibilities such as setting goals at the division level. While there is a distinction between departments and divisions in WorkCompass, this role can also be assigned to employees managing a department or multiple departments or divisions.
Admin
The Admin role has the highest level of authorization and is typically granted to Human Resources administrators and/or leadership. It provides unrestricted access to all system features and data.
Special Permission
Technical Admin
The Technical Admin permission is an add-on that can be assigned to any user type (Authorization), allowing access to technical configurations within WorkCompass. A common use case is for employees working in IT who need to set up integrations or Single Sign On (SSO). This permission grants access to technical features without providing visibility into user performance plans or other sensitive information.
Additional Reviewer
An Additional Reviewer is any manager, or above a specified level who is required to review another employee's performance plan.
It must be someone in a direct line of authority above the reviewee's hierarchy.
Reviewer: Typically the manager or person responsible for rating a performance plan.
Reviewee: The subject of the performance plan, who can have any authorization type.
Permissions
Profiles
When using a third-party integration, certain fields are automatically overwritten by the third party, as it is considered the source of truth. If a field is imported from the third party, any updates should be made there. Changes made in WorkCompass to these fields will be automatically overwritten by the third-party data.
When editing own profile
| Actions | Employee | Manager | Divisional Admin | Admin |
| Name | ✅ | ✅ | ✅ | |
| ✅ | ✅ | ✅ | ||
| Manager | ✅ | ✅ | ✅ | |
| Authorisation | ✅ | ✅ | ✅ | |
| Technical Admin | ✅ | |||
| Job title | ✅ | ✅ | ✅ | ✅ |
| Photo | ✅ | ✅ | ✅ | ✅ |
| Job description | ✅ | ✅ | ✅ | ✅ |
| Bio | ✅ | ✅ | ✅ | ✅ |
| Admin division | Manage all | |||
| Division | ✅ | |||
| Department | ✅ | ✅ | ✅ | |
| Employee Number | ✅ | ✅ | ||
| Location | ✅ | ✅ | ✅ | ✅ |
| Function | ✅ | ✅ | ✅ | ✅ |
| Additional reviewers | ✅ | ✅ | ✅ |
A Manager can only elevate authorization for their direct subordinate and up to their own rank.
A Divisional Admin can elevate authorization for their direct subordinate or any member within their division, but only up to the Divisional Admin level.Manager and Divisional Admin Profile Additional Permissions
Managers and Divisional Admins can update only a limited set of fields for their subordinates.
Editable Fields:
- Authorization: can only promote subordinates up to their own rank.
- Name
- Department
- Employee Number
- Division (only for Divisional Admins)