The Worker Experience platform contains a variety of features and a breadth of information about your workers. The Roles & Permissions settings in the platform gives you the ability to create and customize roles with varying levels of access to different features across the platform.
Benefits:
Create custom roles based on specific job functions and/or responsibilities within your organization, with granular control over feature access
Update access levels per role as your organizational needs evolve
Assign a custom role to all existing and new users on the platform
Improved security with ensuring that users only have access to the features & information that they need to see
Important Note:
Development to restrict access to features and information based on locations is currently still in progress.
Viewing and Setting up Roles
Definitions
A permission is tied to a specific feature, product (e.g. Onboard), or part of the platform, and can be enabled (access is granted) or disabled (access is restricted).
A role is a collection of permissions. When assigned to a user, the permissions enabled within the role determine which features they can access.
To view all available roles and set up new ones, along with viewing all available permissions, go to:
The Settings page in the sidebar
Click on the Roles & Permissions option:
Default roles
By default, Fountain has created three, uneditable roles to help you get started:
An Administrator role with access to everything, including the ability to create & edit roles
A Standard Role with access to view & edit most things, but restricted access to editing/creating roles, and deleting things
A Restricted Role with access to view most things, but is restricted to viewing them within the location designated on their user profile
To see which permissions are enabled for each role, click on the permission grouping header (i.e. Settings, Onboard, etc.) to view a list of permissions related to that area of the platform.
Enabled permissions will have a ✅, while disabled ones will have a ❌. Permissions for these default roles cannot be edited.
If a permission is disabled, then any users with that role will not see the option to complete that feature or task.
See the bottom of this article for a full list of available permissions, and the correlating feature that each permissions grants or restricts access to.
Important Note for Existing Customers:
Recently the names of default roles were updated. You may see the following in your settings. The names have changed but the permissions associated have not:
Corporate Manager = Standard Role
Local Manager = Restricted Role
Custom roles
In order to create an additional role where permissions can be edited, click the + Add Role button in the top right. A pop-up will appear, asking you to input the following:
Role title – Give the role a title (such as "Regional Manager").
Restrictions – Add restrictions to the role. There are two restriction options:
Location: User will only be able to access worker data associated with the Locations that the User is assigned to.
Security groups: User is unable to access worker data associated with Security groups that the User is assigned to.
Data Groups – Assign to a Data Group.
Based on – Choose to replicate an existing role and its associated permissions.
If selected, you can choose to toggle on Synchronize permissions with parent role. This will update the replicated role anytime changes are made to the existing role that was it was replicated from.
Once a new role has been created, you can click directly on the green check mark and red X icons to enable/disable each permission.
Important Note:
Some permissions, such as creating a new role, are read-only, and cannot be enabled.
Once you've configured the role to your liking, click the Save button in the top right.
If you ever need to edit the title of a role, or delete it complete, then hover over the name of the role in the header of the table, and click Edit or Delete:
Settings
In Settings, you can enable roles restricted by locations or security groups to view workers without location or security group assignment.
Assigning Roles to Users
By default, new users invited to the platform will be assigned the Standard Role.
You can view which role each user is assigned to, and update the assigned role if needed, by:
Going back to Settings
Clicking on the Team settings section
Find the team member whose role you would like to update and click the dropdown in the Role column (note that you cannot edit your own role):
4. Select the role you want to assign to that user, and it will be automatically assigned (no saving needed!)
That's it! The next time this user signs in, the settings of the assigned role will take effect.
All Available Permissions
Below is a list of all currently-available permissions, along with more information on the feature that the permission gives or restricts access to. Links to articles with more information about different features are also included.
Note: if a permission is read-only ⛔️, then it cannot be toggled on or off for any roles.
Settings
Settings
Grouping | Permission |
Settings |
|
Analytics | Can create, edit and delete company data groups |
Automations | Can manage automations |
Can view automation logs | |
Branded email template | Can manage branded email template |
Can read branded email template | |
Brands | Can manage brands |
Can view brands | |
Company (Company page & Company Attributes page in settings) | Can connect a company with a matching Hire account |
| Can create a new company attribute |
| Can delete a company attribute |
| Can view company attributes list |
| Can edit company information |
| Can edit a company attribute |
| Can update company messaging settings |
| Can edit company security settings (read-only ⛔️) |
EIN | Can manage EIN |
Job roles (Jobs page in Settings) | Can create a new job role |
| Can delete a job role |
| Can view job roles list |
| Can edit a job role |
| Can view a job role |
Location groups | Can create a new location group |
| Can delete a location group |
| Can view location groups list |
| Can edit a location group |
| Can view a location group |
Locationgrouptrees | Can create a new location group tree |
Can delete a location group tree | |
Can view location group trees list | |
Can edit a location group tree | |
Can view a location group tree | |
Locations (Locations page in Settings) | Can create a new location |
| Can delete a location |
| Can view locations list |
| Can edit a location |
| Can view a location |
Portal customization | Can edit worker portal |
| Can view worker portal |
Roles permissions | Can create a new role (read-only ⛔️) |
| Can delete a role (read-only ⛔️) |
| Can manage roles & permissions settings (read-only ⛔️) |
| Can update roles & permissions matrix (read-only ⛔️) |
| Can update a role (read-only ⛔️) |
| Can view roles & permissions matrix |
Security group | Can create a new security group |
| Can delete a security group |
| Can view security groups list |
| Can edit a security group |
| Can view a security group |
SSO | Can manage SSO |
Tags | Can create, edit and delete company tags |
Team management (Teams page in Settings) | Can create a new employer |
| Can delete an employer |
| Can view employers list |
| Can update an employer data group |
| Can update an employer location (read-only ⛔️) |
| Can update an employer alternate notification email |
| Can update an employer role (read-only ⛔️) |
| Can update an employer security group (read-only ⛔️) |
Webhooks | Can create a new webhook |
| Can delete a webhook |
| Can view webhooks list |
| Can edit a webhook |
| Can view a webhook |
Can manage WhatsApp integration | |
Worker history | Can manage worker history |
Workers (Worker Attributes page in Settings) | Can create a new worker attribute |
| Can delete a worker attribute |
| Can view worker attributes list |
| Can edit a worker attribute |
Workforce settings | Can manage workforce setting |
Workers
Workers
Grouping | Permission |
Workers |
|
| Can create a new worker |
| Can delete workers |
| Can logout a worker |
| Can impersonate a worker |
| Can view custom attributes |
| Can view worker messages list |
| Can view workers list |
| Can send a message directly to a worker |
| Can edit worker information |
| Can see protected worker information |
| Can see protected worker information for workers who also have an employer role |
| Can view worker information |
Segments
Segments
Grouping | Permission |
Segments (worker segments) |
|
| Can create a new segment |
| Can delete a segment |
| Can view segments list |
| Can edit a segment |
Scheduler
Scheduler
Grouping | Permission |
Scheduler |
|
Can create calendar group | |
Can create calendar setting | |
| Can delete calendar group |
Can delete calendar setting | |
| Can list appointments |
| Can list calendar groups |
Can list calendar settings | |
| Can manage calendar |
| Can manage calendar integration |
| Can update appointment |
Can update calendar availability | |
| Can update calendar group |
Can update calendar setting | |
| Can view calendar availability |
Message Inbox
Message Inbox
Grouping | Permission |
Message Inbox |
|
| Can reply to message |
Can view message inbox |
Platform
Platform
Grouping | Permission |
Platform |
|
| Can create custom analytics reports |
| Can view I9 audit analytics |
Can access Fountain Hire (available when Unified Auth is enabled) | |
Can access Hire Go (available when Unified Auth is enabled) | |
| Can create or delete own API keys |
| Can manage Fountain Hire connector |
| Can manage Fountain Hire Partner account |
| Can manage Fountain Hire webhooks |
| Can manage Fountain Hire Partner account |
| Can manage Fountain Hire webhooks |
| Can manage pool |
| Can manage referrals |
| Can access the PAPI healthcheck status |
| Can view analytics |
Onboard
Onboard
Grouping | Permission |
Onboard |
|
| Can edit onboard settings (read-only ⛔️) |
Dashboard | Can view dashboard |
Can counter-sign a document | |
| Can create a new document template |
| Can delete a document template |
| Can edit a document template |
| Can view document templates list |
Can view signed document | |
Can archive a flow | |
| Can create a new flow |
| Can view flows list |
| Can directly notify workers enrolled in a flow |
| Can update tasks assigned to a worker |
| Can create/update a new worker tag inside a task flow worker |
| Can edit a flow |
| Can view a flow |
Partner | Can read and update partner tasks assigned to a worker |
Worker | Can view workers |
Yardstik background checks | Can view list of Yardstik packages |
Communicate
Communicate
Grouping | Permission |
Communicate |
|
Can edit communicate settings (read-only ⛔️) | |
Campaigns | Create and edit a campaign |
| Schedule, cancel, and reschedule a campaign |
| Can view a campaign |
| Can view stats for a campaign |
SMS dashboard | Can view the SMS expense tracking dashboard |
Templates | Can create, edit, and delete templates |
| Can view templates |
Compliance
Compliance
Note: If you need the ability to recollect a compliance document, you must also have the permission Can manage branded email template located under Settings.
Grouping | Permission |
Compliance |
|
Compliance checks | Can manage compliance check templates |
Can manage compliance groups | |
| Can manage worker documents |
| Can view compliance groups |
Compliance V2
Compliance V2
Grouping | Permission |
Compliance V2 |
|
Dashboard | Can view compliance dashboard |
Document submissions | Can manage compliance document submissions |
Can view compliance document submissions | |
Document types | Can manage compliance documents |
| Can view compliance documents |
Documents | Can view compliance documents |
Documents templates | Can manage compliance documents |
Can view compliance documents | |
Requirements | Can manage requirements |
Can view requirements | |
Workercomplianceprofiles | Can manage worker compliance profiles |
Can view worker compliance profiles |
Pool
Pool
Grouping | Permission |
Pool |
|
Audiences | Can manage audiences |
Can view audiences | |
Campaigns | Can manage campaigns |
| Can view campaigns |
Data sources | Can manage data sources |
Can view data sources | |
Eligibility rules | Can manage eligibility rules |
Can view eligibility rules | |
Match score weights | Can manage match score weights |
Can view match score weights | |
Pool settings | Can manage pool settings |
Can view pool settings | |
Messaging rules | Can manage messaging rules |
Can view messaging rules | |
Talent | Can manage talent |
Can view talent | |
Jobs | Can manage jobs |
Can view jobs |
Pulse
Pulse
Grouping | Permission |
Pulse |
|
Survey responses | Can answer questions in a survey |
Can view a list of Pulse Check Responses | |
Pulse Checks | Can activate a Pulse Check |
| Can archive a Pulse Check |
| Can complete a Pulse Check |
Can create a Pulse Check | |
Can delete a Pulse Check | |
Can duplicate a Pulse Check | |
Can edit a Pulse Check | |
Can view Pulse Checks | |
Can create, edit, and destroy custom Pulse Check templates | |
Can nudge participants to complete a Pulse Check | |
Can pause a recurring Pulse Check | |
Can view Pulse Dashboard | |
Can view a Pulse Check |
Referral
Referral
Grouping | Permission |
Referral |
|
Applications | Can create a referral application |
| Can view referral applications |
| Can update a referral application |
| Can update a referral application |
Can view an individual referral applications | |
Campaigns | Can create referral campaigns |
Can view referral campaigns list | |
Can update referral campaigns | |
Can view individual referral campaigns | |
Incentives | Can create a referral incentive |
| Can view referral incentives |
Can update a referral incentive | |
Can view an individual referral incentive | |
Metrics | Can create a referral metric |
Can view referral metrics | |
Can update a referral metric | |
Can view an individual referral metric | |
Recurring report receipts | Can create a referral recurring report receipt |
Can view referral recurring report receipts | |
Can update a referral recurring report receipt | |
Can view an individual referral recurring report receipt | |
Recurring reports | Can create a referral recurring reports |
Can delete a referral recurring reports | |
Can view referral recurring reports | |
Can update a referral recurring reports | |
Can view an individual referral recurring reports | |
Settings | Can create a referral setting |
Can view referral settings | |
Can update a referral setting | |
Can view an individual referral setting | |
Workers | Can view referral workers |
Can view an individual referral worker |
I-9 Center
I-9 Center
Grouping | Permission |
I-9 Center |
|
| Can manage global I-9 Center settings |
| Can sync worker I-9 and W-4 profiles (read-only ⛔️) |
| Can view the I-9 Center related analytics |
| Can view everify profile |
| Can view list of data from employees |
| Can access Reports page |
Checks | Can import worker with specific I-9 data |
| Can init I9 and W4 checks |
| Can view the I9 and W4 checks page |
I-9 forms | Can assign tags to an I-9 form |
| Can view I-9 forms list |
| Can manage an I-9 form |
Can set the skip E-Verify flag on an I-9 profile | |
| Can view an I-9 form |
| Can view I-9 PDF |
W-4 forms | Can assign tags to a W-4 form |
| Can view W-4 forms list |
| Can manage a W-4 form |
| Can view a W-4 form |
| Can view W-4 PDF |
Shift
Shift
Grouping | Permission |
Shift |
|
Activity log | Can undo attendance activity log |
Can view attendance activity log | |
Attendance demand | Can create demand |
Attendance policies | Can edit attendance policies |
Can view attendance policies | |
Rules | Can perform clock actions |
Can create shift rules | |
Can manage condition templates | |
Can manage shift rules | |
Can update existing rules | |
Can view rules | |
Shift tags | Can create shift tags |
Shifts | Can create new shifts |
Can edit existing shifts | |
Can publish shifts | |
Can view shifts | |
Time-off | Can create time-off |
Can edit time-off | |
Can view time-off | |
Timesheets | Can update timesheet status |
Can create new timesheets | |
Can edit existing timesheets | |
Can export timesheets | |
Can view timesheets | |
Worker availabilities | Can create worker availabilities |
Can manage worker availabilities | |
Worker preferences | Can create worker preferences |
Worker requests | Can create worker requests |
Support
Support
Grouping | Permission |
Support |
|
Agent workflows | Can manage agent Workflows |
Can view agent Workflows | |
Message inbox | Can reply to message |
Can view message inbox | |
Settings | Can edit Support settings |
Can manage rules | |
Can manage sla | |
Can manage tags | |
Can view Support settings | |
Can view rules | |
Can view sla | |
Can view tags | |
Tickets | Can manage tickets |
Can view tickets |
Related Articles
⬅️ Previous article: Settings
➡️ Next article: Jobs and Locations