Employment Hero has introduced a new security permission called 'Non-Payroll details (Reporting employees)' in order for organisations to have more control over a manager's access to their reporting employee's file. This permission will replace the previous functionality where managers had the ability to view and edit their reporting employee's non-payroll details by default.
For more information on security groups, please refer to the following article: How to assign security groups
What does this mean for existing organisations?
In order to ensure existing managers do not lose their previous access levels to their reporting employee's files, a system created security group 'All Employees (default)' has been created with View, Modify and Delete access to the permission Non-Payroll details (Reporting employees).
All employees of the organisation will be added to this group automatically. However, as this group is only intended for managers, the access levels set for this permission will only apply to employees who have reporting employees.
Any new employees added to the organisation will be automatically added to this security group to minimise the need for admins to manually add them. However, if an employee is removed from this group, and later required to be part of it, it is the task of an admin to re-add the employee to the group.
What does this mean for new organisations?
Similar to existing organisations, the security group 'All Employees (default)' will be created for the organisation upon creation. Adding new employees to the organisation will work in the same way as mentioned above.
- Once an employee is terminated or deleted, the organisation may choose to remove the employee from this security group, or leave them in the event that the employee is reactivated to avoid the need to re-add them to the group.
- Owners and admins are counted in the security group's member count, but excluded in the security group's member listing as by default these roles have access to all parts of the system. This is for the purpose of the next point.
- In the event that an employee's owner/admin role is removed, their name will appear in the list and given access according to the the access levels set.
- This system created group cannot be deleted or have it's name changed. In the event that the organisation no longer wants to use this group, they can either remove all employees from the group or remove all access levels from all permissions (uncheck everything)
- A manager will be unable to Approve/Decline an employee's Certifications and Medical Disclosure Statement unless given 'Modify' access to this new permission. Please note, we are currently working on allowing this capability regardless of whether the manager has 'Modify' permission or not.