1. Home
  2. Access rights and permissions
  3. Overview of access rights

Overview of access rights

The different access right types

The user access rights determine what a specific user can do and / or view in Populum. A user’s access rights are affected by his / her position in the organization tree, as well as any extended access rights that may have been assigned to him / her manually. There are 3 different access rights types:

  • Manage organization – the right to perform changes to the organization tree (without anyone else’s approval needed). Note that all users have access to view and navigate the entire organizational tree.
  • Report access – the right to view reports within a specific organizational scope.
  • Manage accesses – the right to administer extended access rights (i.e. assign extended access rights to another user).

Access rights are always associated with an organizational scope for which the specific right are granted (e.g. a team, department, region etc.).

Default accesses

By default, what access rights a user has depend on his / her position in the organization tree:

  • Manage organization – By default, a user can make changes within the team / organization he / she manages (i.e. below oneself in the organization tree). This means that users who are not managers have no organization access at all (although everyone can view the whole organization tree as well as suggest changes).
  • Report access – By default, a user can view the reports of the team / group he / she is part of himself / herself, as well as any reports for scopes below him / her in the organization.
  • Manage accesses – By default, a user does not have permission to administer extended access rights.
Example 1

Imagine the example illustrated in Figure 1 below. John Doe has 6 direct reporting employees (Users 1 – 3 & 7 – 9), which are divided into 2 separate groups (Group X and Group Y). In Group X, there is also 1 manager (User 2), who have 3 employees (Users 4 – 6) of her own, which means that Group X has 2 organizational layers. Group Y has only 1 layer (i.e. all group members report directly to John Doe).

Illustration of Example 1

Figure 1 – Illustration of Example 1

Based on their positions in the organization tree, John and his employees has the following accesses:

  • John Doe has manage organization access to the full organization below him, and report access to all reports below him in the organization, i.e. reports A – F in Figure 2 below. In addition, he also has report access to his manager’s report, not illustrated in Figure 2 (since he is part of that team himself).
  • Users 1 – 3 have report access to the one level report for Group X (report D), as well as John Does total one level report (report A). User 2 also has manage organization access to her own team, as well as report access to her team (report F).
  • Users 4 – 6 have report access to the team they belong to (report F).
  • Users 7 – 9 have report access to the one level report for Group Y (report E), as well as John Does total one level report (report A).

Illustration of Example 1

Figure 2 – Illustration of Example 1

Extended access rights

In addition to the default access rights derived from the organization tree, user’s can also be granted extended access rights. Extended access rights are also always associated with an organizational scope, and extended access rights can for instance be granted to a department or a region.

Extended access rights also come in the same 3 different types as default access rights (see above). Extended access rights to a specific organizational scope can be granted by a user who have the access type “Manage accesses” to that specific organizational scope (or a larger scope where this scope is included). If you need help with assigning extended access rights, you are welcome to contact us.

How to grant extended access rights

If you have the necessary “Manage accesses” access to an organizational scope, you have the possibility to grant other users extended access rights to this organizational scope (or to a sub-scope). To grant another user extended access rights:

  1. Choose “Organization” in the top menu.
  2. If you have the necessary “Manage accesses” permission, you should now see a button called “Manage access“. Click this button.
  3. Choose “Add access“.
  4. Search for the user who should be grated access (via name or email) and select his / her name in the search results.
  5. Select the organizational scope to which the user should be granted access.
  6. Select the type(s) of access(es) the user should receive (see explanation of the different access types above) and click “Save”.
Updated on February 17, 2020

Was this article helpful?

Related articles