In This Article
Introduction
FTE Tree provides a flexible permission system that controls what users can see and do within your organization. This article covers permissions, which define what actions a user can take, and approval roles, which are used to dynamically assign approvers in workflows.
Permissions
Permissions are assigned directly to each user when they are invited to your organization or when their access is updated. Each user has a single set of permissions that determines their level of access.
Permission Codes
The following permission codes are available:
| Permission | Family | Description | Department Scoped |
|---|---|---|---|
| View Positions | Position | View position details for a specific set of departments. | Yes |
| Edit Positions | Position | Create and update positions for a specified set of departments. | Yes |
| Position Requests | Position | Create position change requests for a specified set of departments. | Yes |
| Override Approvals | Approval | Override or cancel approval requests made by other users for filtered departments. | Yes |
| Requisitions | Requisition | View, create, and update position requisitions and requisition settings. | Yes |
| Employees | Employee | Create and update employees, employee attributes, and employee settings. | No |
| Reports | Report | View, download, and generate reports. | Yes |
| Position Configuration | Position Settings | Manage position settings, job codes, pay grades, wage adjustments, annual hours, summary groups, and attributes. | No |
| Department Admin | Department | Manage the department tree, organization roles, department role users, department approval workflows, department GL values, and department attributes. | No |
| Approval Workflows | Approval | Manage approval workflows, steps, levels, attachments, and approver reassignment. | No |
| Forecast Scenarios | Position Settings | Create and manage forecast scenarios, scenario overrides, and scenario adjustments. | No |
| Organization Settings | Administration | Manage organization general settings including authentication methods, timezone, and organization name. | No |
| User Management | Administration | Manage organization users, invitations, and user settings. | No |
| Data Import | Administration | Import, confirm, and reverse batch data imports. | No |
| Billing | Administration | Update the organization's subscription and billing account information. | No |
Department Scoping
Six of the fifteen permissions can be scoped to specific departments: View Positions, Edit Positions, Position Requests, Override Approvals, Requisitions, and Reports. When assigning permissions to a user:
- All Departments: The user has access to all departments for their department-scoped permissions.
- Specific Departments: The user's access is limited to only the selected departments and their descendants in the department tree.
GL Segment Filters
If your organization uses GL segments, you can also scope a user's department access using GL segment values. When GL segment filters are configured on a user's permissions, departments matching those filter values are included in the user's access.
- GL segment filters are combined with any explicitly selected departments. The user has access to departments from either source.
- When filtering across multiple GL segments, a department must match at least one value from each segment (AND logic across segments, OR logic within a segment).
- Child departments inherit GL values from their parent departments.
GL segment filters only appear in the permission form when your organization has GL segments configured.
Org Chart Access
The organization chart is accessible to all authenticated users in your organization. No specific permission is required.
Approval Access
Users who are assigned as approvers in an approval workflow can view and act on approval requests without needing a separate permission. If a user is assigned to a workflow step, either directly or through an approval role, they automatically have access to approve requests for that step. To cancel or override requests created by other users, the Override Approvals permission is required.
Organization Approval Roles
Organization approval roles provide a flexible way to assign users within the dynamic approval workflow logic. With approval workflows in FTE Tree assigned by department, these roles allow you to map a user, role, and department together.
How Approval Roles Work
When creating an approval workflow for your organization, you may attach a specific user to a specific workflow step, or you may attach one of these organization roles. By mapping the role to a user in a specific department, the appropriate role user is dynamically added during the creation of an approval request.
Organization roles cascade down the department tree. For example, if you assign a CFO to the top of your department tree and assign the CFO role to an approval workflow step, the CFO will be automatically included in any approval request from any department. Similarly, you may assign the director role to an approval workflow and map the appropriate director to each department in your tree.
Managing Roles
We provide a list of roles that you may use or customize as needed:
- If you wish to delete a role, ensure it is not used elsewhere before deleting it.
- An availability flag is provided, allowing roles to continue being mapped to existing departments and approval workflows but not be added to new ones.
- The organization approval roles are not required, but they offer significant convenience and flexibility to your approval workflows.
Mapping Roles to Departments
Roles are mapped to departments through the department tree settings. When configuring a department, you can assign specific users to specific roles for that department. These role-user mappings cascade down through the department tree, so a role assigned to a parent department will also apply to all child departments.
Escalation Roles
Each organization approval role can optionally specify an escalation role. When an approval request step has been pending beyond the escalation threshold, users assigned to the escalation role in the request's department (or its ancestors in the department tree) are automatically added as backup approvers and notified via email.
For example, if a "Department Manager" role has its escalation role set to "Division Director", then when a step assigned to the Department Manager role exceeds the escalation threshold, users assigned the Division Director role in the same department branch will be added as backup approvers.
The escalation role must be an available role within the same organization and cannot reference itself. Escalation roles are configured when creating or editing an organization approval role.
Need Help?
If you have questions about setting up permissions or roles for your organization, please contact us or email us at support@ftetree.com.