Introduction
FTE Tree provides a flexible permission system that controls what users can see and do within your organization. This article covers both permission groups, which define what actions a user can take, and approval roles, which are used to dynamically assign approvers in workflows.
Permission Groups
Permission groups are collections of individual permissions that can be assigned to users. When inviting a user to your organization, you assign one or more permission groups that determine their level of access.
How Permission Groups Work
Each permission group contains a set of permissions organized by category (such as Position, Employee, Approval, etc.). When a user is assigned a permission group, they receive all the permissions contained in that group.
Department Scoping
For many permissions, you can optionally scope them to specific departments. This means a user can have full position management access for one department, but only view access for another. When assigning a permission group to a user:
- If no departments are selected, the user has access to all departments for that permission group.
- If specific departments are selected, the user's access is limited to only those departments.
User Scoping
Some permissions can also be scoped to specific organization users. This is useful when you want a manager to only manage a specific set of users rather than all users in the organization.
- If no users are selected, the permission applies to all organization users.
- If specific users are selected, the permission is limited to managing only those users.
Default Permission Groups
When configuring your organization's user invitation settings, you can select default permission groups that are automatically assigned to new invitations. This saves time when most users receive the same level of access. The defaults can always be changed on individual invitations.
Organization Approval Roles
Organization approval roles provide a flexible way to assign users within the dynamic approval workflow logic. With approval workflows in FTE Tree assigned by department, these roles allow you to map a user, role, and department together.
How Approval Roles Work
When creating an approval workflow for your organization, you may attach a specific user to a specific workflow step, or you may attach one of these organization roles. By mapping the role to a user in a specific department, the appropriate role user is dynamically added during the creation of an approval request.
Organization roles cascade down the department tree. For example, if you assign a CFO to the top of your department tree and assign the CFO role to an approval workflow step, the CFO will be automatically included in any approval request from any department. Similarly, you may assign the director role to an approval workflow and map the appropriate director to each department in your tree.
Managing Roles
We provide a list of roles that you may use or customize as needed:
- If you wish to delete a role, ensure it is not used elsewhere before deleting it.
- An availability flag is provided, allowing roles to continue being mapped to existing departments and approval workflows but not be added to new ones.
- The organization approval roles are not required, but they offer significant convenience and flexibility to your approval workflows.
Mapping Roles to Departments
Roles are mapped to departments through the department tree settings. When configuring a department, you can assign specific users to specific roles for that department. These role-user mappings cascade down through the department tree, so a role assigned to a parent department will also apply to all child departments.
Need Help?
If you have questions about setting up permissions or roles for your organization, please contact us or email us at support@ftetree.com.