User Role Permission based on attribute hierarchy

Question

Hi!&nbsp;&nbsp;I understand that we can provide users with access based on attribute hierarchy.&nbsp;Using department hierarchy (Divisons &gt; Departments &gt; Sub-Department) as an example and I would like to provide my department heads (new user role created) with access to the respective departments they are tagged to, should I be providing them with&nbsp;(a) "custom" access and do it manually for each, or(b) select the department hierarchy to the "department" level- will the departmentheads be given the access to data of all departments or will they be only given access to the department they are tagged to in the attribute report?&nbsp;&nbsp;Thanks alot!

alanderfield · Answer

Hello&nbsp;Jing_Ying_Choon,&nbsp;
&nbsp;
If the attribute that is selected accurately aligns the department heads to their department, then you can use the attribute permission that is setup at the user role level.&nbsp; If this does not show the correct relationship for each user, you can work with the customer to update the attributes as they are received on the user file.
&nbsp;
In your example, if a department head is aligned to a specific attribute "department hierarchy", then they would see data only where they are listed as the department head and not across the entire organization. If for some reason the department hierarchy does not show the correct alignment and the customer is unable to update the hierarchy from their HRIS, then you can look into creating custom access for each user.&nbsp; I would try to avoid this as you would have to maintain this as the hierarchy changes.&nbsp;
&nbsp;
I hope this helps and let us know if you have any further questions.&nbsp;
&nbsp;

jing_ying_choon · Answer

Hi alanderfield, thanks so much for your help! Sorry but I seem to have lost you a little there.

Please see below if my understanding of your explantation is correct-

Using Employee A as an employee - he works in the HR division (dept hierarchy level 1) and Recruitment department (dept hierarchy level 2)

Let's say I create a new role with access using 'department hierarchy' and I add him in...
(a) Will be receive data based on his level 1 department hierarchy tag (aka the HR data)
or
(b) he will not receive any data in this case (can you then explain what does providing access with "hierarchy" actually do?)

So in the case where I want employee A to receive the data to the entire HR division, then what I should do is the following-
step 1: create an additional "Department head" attribute and mark him as "Yes"
step 2: create a custom user role and include all employees marked yes under "Department head" and in the "HR" division

Hope this is clear! Thanks again!

jing_ying_choon · Answer

hi alanderfield, appreicate your reply, thanks!

alanderfield · Answer

Hello&nbsp;Jing_Ying_Choon,
&nbsp;
Viva Glint's Hierarchy reporting will give the user access to all users within the hierarchy they permissioned for within the user role.&nbsp; The user file will determine what values the user will see and have access to for each level of the hierarchy.&nbsp; In the below example, the user would have access to any users under the Subfunction of "User Support" as it sits within the above levels.&nbsp; In your example, if the user has access to "HR" Department (Level 2) then they would see all "HR".&nbsp;&nbsp;
&nbsp;

Departmental Level 1 – Company (ex: Thrive)
Departmental Level 2 – Department (ex: IT)
Departmental Level 3 – Function (ex: Operations)
Departmental Level 4 – Subfunction (ex: User Support)

In your scenario for "HR" it may be more efficient to create a standalone (non-hierarchy) attribute that calls out all the departments.&nbsp; "HR" could be one of values, and if your user has "HR" on the user file under the "Department" attribute, then they would see all additional users that have "HR" listed.&nbsp; This same attribute could be used for additional departments such as "IT".&nbsp; Let me know if this makes sense, otherwise I am happy to walk through this on our next office hours if you are able to join.&nbsp; The below public link may also provide some guidance that you can reference as you look into setting up hierarchies.&nbsp;
&nbsp;
Viva Glint organizational hierarchy fundamentals | Microsoft Learn

jing_ying_choon · Answer

Hi alanderfield,Thanks this is clear!So whichever hierarchy level the employee is tagged to, he/she will receive data of all employees belonging to the same level (should hierarchy reporting is turned on for him/her). Thanks again!

Forum Discussion

User Role Permission based on attribute hierarchy

5 Replies