Roles and Permissions

Give employees access to only the features they need in the Worker Experience platform by utilizing roles and permissions

Updated yesterday

Overview

The Worker Experience platform contains a variety of features and a breadth of information about your workers. The Roles & Permissions settings in the platform give you the ability to create and customize roles with varying levels of access to different features across the platform.

Note: development to restrict access to features & information based on locations is currently still in progress.

Benefits:

  • Create custom roles based on specific job functions and/or responsibilities within your organization, with granular control over feature access

  • Update access levels per role as your organizational needs evolve

  • Assign a custom role to all existing and new users on the platform

  • Improve security by ensuring that users only have access to the features & information that they need to see


Viewing and Setting up Roles

Definitions:

A permission is tied to a specific feature, product (e.g. Onboard), or part of the platform, and can be enabled (access is granted) or disabled (access is restricted).

A role is a collection of permissions. When assigned to a user, the permissions enabled within the role determine which features they can access.

To view all available roles and set up new ones, along with viewing all available permissions, go to:

  1. The Settings page in the sidebar

  2. Click on the Roles & Permissions option:

Default roles

By default, Fountain has created three uneditable roles to help you get started:

  1. An Administrator role with access to everything, including the ability to create & edit roles

  2. A Corporate Manager role with access to view & edit most things, but restricted access to editing/creating roles, and deleting things

  3. A Location Manager role with access to view most things, but is restricted to viewing them within the location designated on their user profile

To see which permissions are enabled for each role, click on the permission grouping header (i.e. Settings, Onboard, etc.) to view a list of permissions related to that area of the platform.

Enabled permissions will have a ✅, while disabled ones will have a ❌. Permissions for these default roles cannot be edited.

If a permission is disabled, then any users with that role will not see the option to complete that feature or task.

See the bottom of this article for a full list of available permissions, and the corresponding feature that each permission grants or restricts access to.

Custom roles

In order to create an additional role where permissions can be edited, click the + Add Role button in the top right. A pop-up will appear, asking you to input the following:

  1. Role title – Give the role a title (such as "Regional Manager").

  2. Restrictions – Add restrictions to the role. There are two restriction options:

    1. Location: User will only be able to access worker data associated with the Locations that the User is assigned to.

    2. Security groups: User is unable to access worker data associated with Security groups that the User is assigned to.

  3. Data Groups – Assign to a Data Group.

  4. Based on – Choose to replicate an existing role and its associated permissions.

    1. If selected, you can choose to toggle on Synchronize permissions with parent role. This will update the replicated role anytime changes are made to the existing role that it was replicated from.

Once a new role has been created, you can click directly on the green check mark and red X icons to enable/disable each permission.

Note: some permissions, such as creating a new role, are read-only, and cannot be enabled.

Once you've configured the role to your liking, click the Save button in the top right.

If you ever need to edit the title of a role, or delete it completely, then hover over the name of the role in the header of the table, and click Edit or Delete:

Settings

In Settings, you can enable roles restricted by locations or security groups to view workers without location or security group assignment.


Assigning Roles to Users

By default, new users invited to the platform will be assigned the Corporate Manager role.

You can view which role each user is assigned to, and update the assigned role if needed, by:

  1. Going back to Settings

  2. Clicking on the Team settings section

  3. Finding the team member whose role you would like to update and clicking the dropdown in the Role column (note that you cannot edit your own role)

  4. Selecting the role you want to assign to that user; it will be automatically assigned (no saving needed!)

That's it! The next time this user signs in, the settings of the assigned role will take effect.
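A least-privilege review of custom roles and user assignments, as an added example that is not part of the original article or of Fountain's product. The role data, user list, `needed` sets and the choice of which permissions count as sensitive are constructed assumptions; only the permission names and the default role come from this article.

```python
# Added example: least-privilege review of roles and user assignments.
# All data is constructed; permission names come from this article's list.

# Assumption: which permissions are sensitive is the reviewer's own call.
SENSITIVE = {
    "Can impersonate a worker",
    "Can see protected worker information",
    "Can delete workers",
    "Can manage SSO",
}
DEFAULT_ROLE = "Corporate Manager"  # per the article, given to new users on invite

# Constructed custom roles: what is enabled vs. what the job function needs.
ROLES = {
    "Regional Manager": {
        "restrictions": {"Location"},
        "enabled": {"Can view workers list", "Can edit worker information",
                    "Can impersonate a worker"},
        "needed": {"Can view workers list", "Can edit worker information"},
    },
    "Payroll Clerk": {
        "restrictions": set(),
        "enabled": {"Can view worker information",
                    "Can see protected worker information", "Can delete workers"},
        "needed": {"Can view worker information",
                   "Can see protected worker information"},
    },
}
# Constructed user-to-role assignments, standing in for the Team settings page.
USERS = {"ana@example.com": "Regional Manager", "bo@example.com": "Payroll Clerk",
         "cy@example.com": "Corporate Manager"}


def review_roles(roles):
    """Return {role: finding} for roles that are over-permissioned or unscoped."""
    findings = {}
    for name, role in roles.items():
        excess = sorted(role["enabled"] - role["needed"])
        # Sensitive permissions in a role with no Location/Security group restriction.
        unscoped = [] if role["restrictions"] else sorted(role["enabled"] & SENSITIVE)
        if excess or unscoped:
            findings[name] = {"excess": excess, "sensitive_unscoped": unscoped}
    return findings


def users_on_default(users):
    """Users never moved off the default role, sorted for stable output."""
    return sorted(u for u, r in users.items() if r == DEFAULT_ROLE)
```
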


Full List of all available Permissions

Below is a list of all currently-available permissions, along with more information on the feature that the permission gives or restricts access to. Links to articles with more information about different features are also included.

Note: if a permission is read-only ⛔️, then it cannot be toggled on or off for any roles.

Settings

Grouping

Permission

Settings

Analytics

Can create, edit and delete company data groups

Automation events

Can list automation events

Branded email template

Can manage branded email template

Brands

Can manage brands

Company (Company page & Company Attributes page in settings)

Can connect a company with a matching Hire account

Can create a new company attribute

Can delete a company attribute

Can view company attributes list

Can edit company information

Can edit a company attribute

Can update company messaging settings

Can edit company security settings (read-only ⛔️)

EIN

Can manage EIN

Job roles (Jobs page in Settings)

Can create a new job role

Can delete a job role

Can view job roles list

Can edit a job role

Can view a job role

Location groups

Can create a new location group

Can delete a location group

Can view location groups list

Can edit a location group

Can view a location group

Locations (Locations page in Settings)

Can create a new location

Can delete a location

Can view locations list

Can edit a location

Can view a location

Portal customization

Can edit worker portal

Can view worker portal

Roles permissions

Can create a new role (read-only ⛔️)

Can delete a role (read-only ⛔️)

Can manage roles & permissions settings (read-only ⛔️)

Can update roles & permissions matrix (read-only ⛔️)

Can update a role (read-only ⛔️)

Can view roles & permissions matrix

Rule

Can manage automations

Can manage rules

Security group

Can create a new security group

Can delete a security group

Can view security groups list

Can edit a security group

Can view a security group

SSO

Can manage SSO

Tags

Can create, edit and delete company tags

Team management (Teams page in Settings)

Can create a new employer

Can delete an employer

Can view employers list

Can update an employer data group

Can update an employer location (read-only ⛔️)

Can update an employer alternate notification email

Can update an employer role (read-only ⛔️)

Can update an employer security group (read-only ⛔️)

Webhooks

Can create a new webhook

Can delete a webhook

Can view webhooks list

Can edit a webhook

Can view a webhook

Worker history

Can manage worker history

Workers (Worker Attributes page in Settings)

Can create a new worker attribute

Can delete a worker attribute

Can view worker attributes list

Can edit a worker attribute

Workforce settings

Can manage workforce setting

Workers

Grouping

Permission

Workers

Can create a new worker

Can delete a custom attribute for a worker

Can delete workers

Can logout a worker

Can impersonate a worker

Can view custom attributes

Can view worker messages list

Can view workers list

Can send a message directly to a worker

Can edit worker information

Can upsert a custom attribute for a worker

Can see protected worker information

Can only access filtered worker information

Can view worker information

Segments

Grouping

Permission

Segments (worker segments)

Can create a new segment

Can delete a segment

Can view segments list

Can recalculate a segment (read-only ⛔️)

Can edit a segment

Scheduler

Grouping

Permission

Scheduler

Can book an appointment (from the worker perspective) (read-only ⛔️)

Can create calendar group

Can delete calendar group

Can list appointments

Can list calendar groups

Can manage calendar

Can manage calendar integration

Can update appointment

Can update calendar group

Can view calendar availability

Platform

Grouping

Permission

Platform

Can login on employer platform (read-only ⛔️)

Can access Fountain Hire

Can view notifications list (read-only ⛔️)

Can logout self (read-only ⛔️)

Can create or delete own API keys

Can manage Fountain Hire connector

Can manage Fountain Hire Partner account

Can manage Fountain Hire webhooks

Can manage referrals

Can access the PAPI healthcheck status

Can edit own employer profile (read-only ⛔️)

Can view analytics

Can login on worker platform (read-only ⛔️)

Onboard

Grouping

Permission

Onboard

Can edit onboard settings (read-only ⛔️)

Can counter-sign a document

Can create a new document template

Can delete a document template

Can view document templates list

Can view signed document

Can archive a flow

Can complete tasks assigned to a worker (read-only ⛔️)

Can create a new flow

Can view flows list

Can directly notify workers enrolled in a flow

Can update tasks assigned to a worker

Can create/update a new worker tag inside a task flow worker

Can edit a flow

Can view a flow

Partner

Can read and update partner tasks assigned to a worker

Yardstik background checks

Can view list of Yardstik packages

Compliance

Grouping

Permission

Compliance

Compliance checks

Can complete compliance checks assigned to a worker (read-only ⛔️)

Can manage compliance check templates

Can manage compliance groups

Can manage worker documents

Can view compliance groups

I-9 Center

Grouping

Permission

I-9 Center

Can manage global I-9 Center settings

Can sync worker I-9 and W-4 profiles (read-only ⛔️)

Can view the I-9 Center related analytics

Can view everify profile

Can view list of data from employees

Can access Reports page

Checks

Can import worker with specific I-9 data

Can init I9 and W4 checks

Can view the I9 and W4 checks page

I-9 forms

Can assign tags to an I-9 form

Can view I-9 forms list

Can manage an I-9 form

Can view an I-9 form

Can view I-9 PDF

W-4 forms

Can assign tags to a W-4 form

Can view W-4 forms list

Can manage a W-4 form

Can view a W-4 form

Can view W-4 PDF

Communicate

Grouping

Permission

Communicate

Campaigns

Create and edit a campaign

Schedule, cancel, and reschedule a campaign

View a campaign

View stats for a campaign

Templates

View templates

Create, edit, & delete templates

