Overview
The Worker Experience platform contains a variety of features and a breadth of information about your workers. The Roles & Permissions settings in the platform gives you the ability to create and customize roles with varying levels of access to different features across the platform.
Note: development to restrict access to features & information based on locations is currently still in progress.
Benefits:
Create custom roles based on specific job functions and/or responsibilities within your organization, with granular control over feature access
Update access levels per role as your organizational needs evolve
Assign a custom role to all existing and new users on the platform
Improved security with ensuring that users only have access to the features & information that they need to see
Viewing and Setting up Roles
Definitions:
A permission is tied to a specific feature, product (e.g. Onboard), or part of the platform, and can be enabled (access is granted) or disabled (access is restricted).
A role is a collection of permissions. When assigned to a user, the permissions enabled within the role determine which features they can access.
To view all available roles and set up new ones, along with viewing all available permissions, go to:
The Settings page in the sidebar
Click on the Roles & Permissions option:
Default roles
By default, Fountain has created three, uneditable roles to help you get started:
An Administrator role with access to everything, including the ability to create & edit roles
A Corporate Manager role with access to view & edit most things, but restricted access to editing/creating roles, and deleting things
A Location Manager role with access to view most things, but is restricted to viewing them within the location designated on their user profile
To see which permissions are enabled for each role, click on the permission grouping header (i.e. Settings, Onboard, etc.) to view a list of permissions related to that area of the platform.
Enabled permissions will have a ✅, while disabled ones will have a ❌. Permissions for these default roles cannot be edited.
If a permission is disabled, then any users with that role will not see the option to complete that feature or task.
See the bottom of this article for a full list of available permissions, and the correlating feature that each permissions grants or restricts access to.
Custom roles
In order to create an additional role where permissions can be edited, click the + Add Role button in the top right. A pop-up will appear, asking you to input the following:
Role title – Give the role a title (such as "Regional Manager").
Restrictions – Add restrictions to the role. There are two restriction options:
Location: User will only be able to access worker data associated with the Locations that the User is assigned to.
Security groups: User is unable to access worker data associated with Security groups that the User is assigned to.
Data Groups – Assign to a Data Group.
Based on – Choose to replicate an existing role and its associated permissions.
If selected, you can choose to toggle on Synchronize permissions with parent role. This will update the replicated role anytime changes are made to the existing role that was it was replicated from.
Once a new role has been created, you can click directly on the green check mark and red X icons to enable/disable each permission.
Note: some permissions, such as creating a new role, are read-only, and cannot be enabled.
Once you've configured the role to your liking, click the Save button in the top right.
If you ever need to edit the title of a role, or delete it complete, then hover over the name of the role in the header of the table, and click Edit or Delete:
Settings
In Settings, you can enable roles restricted by locations or security groups to view workers without location or security group assignment.
Assigning Roles to Users
By default, new users invited to the platform will be assigned the Corporate Manager role.
You can view which role each user is assigned to, and update the assigned role if needed, by:
Going back to Settings
Clicking on the Team settings section
Find the team member whose role you would like to update and click the dropdown in the Role column (note that you cannot edit your own role):
4. Select the role you want to assign to that user, and it will be automatically assigned (no saving needed!)
That's it! The next time this user signs in, the settings of the assigned role will take effect.
Full List of all available Permissions
Below is a list of all currently-available permissions, along with more information on the feature that the permission gives or restricts access to. Links to articles with more information about different features are also included.
Note: if a permission is read-only ⛔️, then it cannot be toggled on or off for any roles.
Settings
Grouping | Permission |
Settings |
|
Analytics | Can create, edit and delete company data groups |
Automation events | Can list automation events |
Branded email template | Can manage branded email template |
Brands | Can manage brands |
Company (Company page & Company Attributes page in settings) | Can connect a company with a matching Hire account |
| Can create a new company attribute |
| Can delete a company attribute |
| Can view company attributes list |
| Can edit company information |
| Can edit a company attribute |
| Can update company messaging settings |
| Can edit company security settings (read-only ⛔️) |
EIN | Can manage EIN |
Job roles (Jobs page in Settings) | Can create a new job role |
| Can delete a job role |
| Can view job roles list |
| Can edit a job role |
| Can view a job role |
Location groups | Can create a new location group |
| Can delete a location group |
| Can view location groups list |
| Can edit a location group |
| Can view a location group |
Locations (Locations page in Settings) | Can create a new location |
| Can delete a location |
| Can view locations list |
| Can edit a location |
| Can view a location |
Portal customization | Can edit worker portal |
| Can view worker portal |
Roles permissions | Can create a new role (read-only ⛔️) |
| Can delete a role (read-only ⛔️) |
| Can manage roles & permissions settings (read-only ⛔️) |
| Can update roles & permissions matrix (read-only ⛔️) |
| Can update a role (read-only ⛔️) |
| Can view roles & permissions matrix |
Rule | Can manage automations |
| Can manage rules |
Security group | Can create a new security group |
| Can delete a security group |
| Can view security groups list |
| Can edit a security group |
| Can view a security group |
SSO | Can manage SSO |
Tags | Can create, edit and delete company tags |
Team management (Teams page in Settings) | Can create a new employer |
| Can delete an employer |
| Can view employers list |
| Can update an employer data group |
| Can update an employer location (read-only ⛔️) |
| Can update an employer alternate notification email |
| Can update an employer role (read-only ⛔️) |
| Can update an employer security group (read-only ⛔️) |
Webhooks | Can create a new webhook |
| Can delete a webhook |
| Can view webhooks list |
| Can edit a webhook |
| Can view a webhook |
Worker history | Can manage worker history |
Workers (Worker Attributes page in Settings) | Can create a new worker attribute |
| Can delete a worker attribute |
| Can view worker attributes list |
| Can edit a worker attribute |
Workforce settings | Can manage workforce setting |
Workers
Grouping | Permission |
Workers |
|
| Can create a new worker |
| Can delete a custom attribute for a worker |
| Can delete workers |
| Can logout a worker |
| Can impersonate a worker |
| Can view custom attributes |
| Can view worker messages list |
| Can view workers list |
| Can send a message directly to a worker |
| Can edit worker information |
| Can upsert a custom attribute for a worker |
| Can see protected worker information |
| Can only access filtered worker information |
| Can view worker information |
Segments
Grouping | Permission |
Segments (worker segments) |
|
| Can create a new segment |
| Can delete a segment |
| Can view segments list |
| Can recalculate a segment (read-only ⛔️) |
| Can edit a segment |
Scheduler
Grouping | Permission |
Scheduler |
|
Can book an appointment (from the worker perspective) (read-only ⛔️) | |
| Can create calendar group |
| Can delete calendar group |
| Can list appointments |
| Can list calendar groups |
| Can manage calendar |
| Can manage calendar integration |
| Can update appointment |
| Can update calendar group |
| Can view calendar availability |
Platform
Grouping | Permission |
Platform |
|
| Can login on employer platform (read-only ⛔️) |
| Can access Fountain Hire |
| Can view notifications list (read-only ⛔️) |
| Can logout self (read-only ⛔️) |
| Can create or delete own API keys |
| Can manage Fountain Hire connector |
| Can manage Fountain Hire Partner account |
| Can manage Fountain Hire webhooks |
| Can manage referrals |
| Can access the PAPI healthcheck status |
| Can edit own employer profile (read-only ⛔️) |
| Can view analytics |
| Can login on worker platform (read-only ⛔️) |
Onboard
Grouping | Permission |
Onboard |
|
| Can edit onboard settings (read-only ⛔️) |
Can counter-sign a document | |
| Can create a new document template |
| Can delete a document template |
| Can view document templates list |
| Can view signed document |
Can archive a flow | |
| Can complete tasks assigned to a worker (read-only ⛔️) |
| Can create a new flow |
| Can view flows list |
| Can directly notify workers enrolled in a flow |
| Can update tasks assigned to a worker |
| Can create/update a new worker tag inside a task flow worker |
| Can edit a flow |
| Can view a flow |
Partner | Can read and update partner tasks assigned to a worker |
Yardstik background checks | Can view list of Yardstik packages |
Compliance
Grouping | Permission |
Compliance |
|
Compliance checks | Can complete compliance checks assigned to a worker (read-only ⛔️) |
| Can manage compliance check templates |
Can manage compliance groups | |
| Can manage worker documents |
| Can view compliance groups |
I-9 Center
Grouping | Permission |
I-9 Center |
|
| Can manage global I-9 Center settings |
| Can sync worker I-9 and W-4 profiles (read-only ⛔️) |
| Can view the I-9 Center related analytics |
| Can view everify profile |
| Can view list of data from employees |
| Can access Reports page |
Checks | Can import worker with specific I-9 data |
| Can init I9 and W4 checks |
| Can view the I9 and W4 checks page |
I-9 forms | Can assign tags to an I-9 form |
| Can view I-9 forms list |
| Can manage an I-9 form |
| Can view an I-9 form |
| Can view I-9 PDF |
W-4 forms | Can assign tags to a W-4 form |
| Can view W-4 forms list |
| Can manage a W-4 form |
| Can view a W-4 form |
| Can view W-4 PDF |
Communicate
Grouping | Permission |
Communicate |
|
Campaigns | Create and edit a campaign |
| Schedule, cancel, and reschedule a campaign |
| View a campaign |
| View stats for a campaign |
Templates | View templates |
| Create, edit, & delete templates |
Related Articles
⬅️ Previous article: Settings
➡️ Next articles: