Note: This functionality is available only for customers, who subscribed to professional and enterprise plans.
Some of our customers do not want all admins to be able to manage employee data and initiate onboarding (data integrity, data protection, process consistency). This feature enables Global Admins to freely manage permissions for lower level admins (Org-unit, Location, Group admins) regarding user management capabilities and onboarding.
Limiting these capabilities is especially important for enterprises where user syncing and onboarding is centrally controlled. Such customers do not want lower-level administrators to modify this data.
Introducing this functionality will give the ability for all customers to modify these permissions for lower level admins.
The feature is available in Dashboard for all Global Admins (Dashboard → Settings → Flexible Roles).
The planned changes enable Global admins to turn on/turn off user management and onboarding permissions for lower level admins. In particular:
User management permissions - when turned off for a given admin, every employee with that role won’t be able to:
create users manually or through file import
edit user profile fields
add and remove users from Locations
add and remove users from Group
Onboarding permissions - when turned off for a given admin, every employee with that role won’t be able to:
suspend and activate users
generate login codes
send login instructions
send personalized invitations
set new passwords
Keep in mind that when roles overlap - e.g. someone is an Org-unit Admin and Group Admin at the same time - the granted permissions will affect all users seen by a given admin in the Dashboard. If, for example, the Group Admin role has "user management" permissions enabled and Org-unit Admin role has this option disabled, such a person with both roles assigned will still be able to manage all users visible in the Dashboard (i.e. those seen because of being Group Admin and those seen because of being Org-unit admin).