Permissions for Careers

This page contains permissions that may apply to organizations using the Careers solution.

PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Access FTP Account - View Grants access to the FTP account landing page where the available accounts are displayed. Currently, this permission cannot be constrained. Core Administration
Access Partner Authorization - Manage Grants ability to manage partner authorized access to portal via Partner Access Administration. This permission cannot be constrained. This is an administrator permission. Core Administration
Announcements - Post Grants ability to view, create and update/edit announcements that will appear to populations of users via the Welcome Page Inbox widget or Announcements page. This is an administrator permission. Core
Announcements - View Grants ability to view announcements created by others, via the Welcome Page Inbox widget or the Announcements page. This is an end user permission. Core
Authentication Preferences - Manage Grants ability to configure which credentials are used for authentication/re-authentication purposes throughout the system. This permission works in conjunction with the preferences that are set within each workflow that uses authentication/re-authentication. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Available Languages - Modify Grants access to choose what languages to which learning objects may be associated when users search for training. This is an administrator permission. Core Administration
Badge & Point Preferences - Manage Enables user to access and edit preferences on the Badge & Point Preferences page. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration.
Batch Edit Users Grants ability to modify user records in bulk. This permission cannot be constrained. This is an administrator permission. Core Administration
Bypass IP Security Controls Grants ability to bypass defined IP Security restrictions, allowing user to log in to the portal from IP addresses that are not authorized via the IP Whitelist screen. This is an administrator permission recommended only for system administrators. Core Administration
Capabilities - Capability Models Library - Edit Grants ability to access the Capability Models Library and create and edit Capability Models. This permission cannot be constrained. This is an administrator permission. Core Administration
Capabilities - Capability Models Library - Manage Grants ability to access the Capability Models Library and create, edit, and deactivate Capability Models. This permission cannot be constrained. This is an administrator permission. Core Administration
Capabilities - Predicted User Proficiency Levels - View

Grants access to view the predicted proficiency level for a user's skill. This permission can be constrained to User, OU, User's OU, User's Self, User Self and Subordinates, and User's Direct Subordinates. The constraints on this permission determine for which user the predicted skill proficiency levels are visible. This is a manager permission.

As of the April 14, 2023 patch, this permission is automatically available in the default role for all users.

Core Administration
Capabilities - Skills Library Builder Grants ability to import relevant Cornerstone Skills Graph skills based on user profile data and generate skill suggestions via the Skills Library Builder page. This permission cannot be constrained. This is an administrator permission. Core Administration
Capabilities - Skills Profile - View

Grants ability to view an employee Skills Profile. Users who have this permission may view the Skills Profile for anyone in the organization. However, individual ratings have privacy settings that control visibility within the Skills Profile. This permission cannot be constrained. This is an end user permission.

 Core Administration
Capabilities - Skills Quick Start Wizard - Manage Grants access to the Skills Quick Start Wizard administrator experience which help administrators configure and deploy skills within their organization. This permission cannot be constrained. This is an administrator permission. Core Administration
Capability Categories Grants access to the Capability Categories functionality, where administrators can create and manage capability categories. This permission cannot be constrained. This is an administrator permission. Core Administration
Capability Library - Edit Grants ability to create, edit, and copy capabilities via the Capability Library. Administrators with this permission cannot delete capabilities or change the status of a capability. This permission cannot be constrained. This is an administrator permission. Core Administration
Capability Library - Manage Grants ability to create, edit, copy, delete, import, and approve capabilities via the Capability Library. This permission cannot be constrained. This is an administrator permission. Core Administration
Capability Preferences - Manage Grants ability to create and edit expertise levels and rating scales for capabilities via Capabilities Preferences. This permission cannot be constrained. This is an administrator permission. Core Administration
Care ? Community Grants access to the Success Center link in Navigation Tabs and Links. This page enables administrators to use Single Sign On (SSO) to access the Success Center directly from their portal. This is an administrator permission. Core Administration
Change User Passwords - Administrator Grants ability to change the portal password of another user. This permission works in conjunction with the Users - View permission. This permission can be constrained by User's Corporation, OU, User's OU, User's Self and Subordinates, and User. This is an administrator permission. Core Administration
Connect FTP Folders - Manage Grants ability to connect to an FTP folder from the FTP Account Access page. This permission can be constrained by FTP Account. When constraining this permission, administrators can select any FTP account that has been associated with the portal. The constraints on this permission determine to which FTP accounts the administrator can connect. This is an administrator permission. Core
Copy Down - Cancel Allows administrator to access the Copy Down tool, view and cancel copy downs, and subscribe or unsubscribe to email notifications. This permission cannot be constrained. This is an administrator permission. Core Administration
Corporate Logo List - View Grants access to select header logo from the corporate list of images. User must also have Display Preference permission. This is an administrator permission. Core Administration
Corporate Preferences - Manage Grants ability to manage Corporate Preferences, which includes several portal-wide settings. This is an administrator permission. Core Administration
Corporate Preferences: Lockout Preferences - Manage Grants ability to configure the Lockout Preferences on the Corporate Preferences page. This permission cannot be constrained. This is an administrator permission. Core Administration
Custom Login Page - Manage Grants access to create and edit custom login pages for the portal. Administrators with this permission can also enable or disable a custom login page and identify the default login page. This permission cannot be constrained. This is an administrator permission. Core Administration
Custom Pages - Manage Grants access to create and edit custom pages for the portal. This permission cannot be constrained. This is an administrator permission. Core Administration
Deep Link: Base URL Control Allows administrator to define the Base URL for all SSO module links. This is an administrator permission. Core Administration
Deep Link: Manage Allows administrator to define the Base URL for all SSO module links. This permission cannot be constrained. This is an administrator permission. Core Administration
Deep Link: View Modules Allows administrator to view the deep links URLs. This is an administrator permission. Core Administration
Define Fiscal Year Grants ability to set the fiscal year for aggregating annual training hours completed by users for display on the transcript page. This is an administrator permission. Core Administration
Display Preferences - Manage Grants ability to configure Display Preferences, including Navigation Tab theme and settings and header logo displayed to end users. This is an administrator permission. Core Administration
Display Preferences - Upload Logo Grants access to upload an image on the Display Preference Page. User must also have Display Preference permission. This is an administrator permission. Core Administration
Duplicate User Management Preferences - Manage Grants ability to access and configure management of duplicate records, including parameters used to prevent duplicates. This permission cannot be constrained. This is an administrator permission. Core Administration
Email - Edit From Address Grants ability to edit the "from" address when creating or modifying an email trigger. In addition, the Allow user to change email address option must be selected in Email Preferences. This permission works in conjunction with the Global Email Administration - Manage permission. This is an administrator permission. Core Administration
Email Preferences - Manage Grants ability to manage Email Preferences, which includes defining end users' ability to change their email address and the associated email notifications when emails are changed. This is an administrator permission. Core Administration
Employee Recognition Preferences - Manage Grants ability to create and edit employee recognition awards for use by end users. This is an administrator permission. Core Administration
Form Completion - View and Edit OU and Employee Relation Fields Allow users to view and modify organizational unit (OU) and employee relation fields when completing a form that contains the fields. The constraints on this permission determine which fields the user can view and edit when completing a form. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, and User Subordinates. This is an end user permission. Core
Global Email Administration - Manage Grants ability to manage email trigger templates across all active modules in the portal. Enables creating, editing and deleting email message templates for various system actions and workflows. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Global Email Administration - View Grants view only access to email templates/triggers and email logs at the global level for the portal. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Global Search - People

Grants ability to search for people via Global Search. If this permission is constrained to a specific OU, then that constraint is automatically applied within Global Search, including search filters and search results. This is an end user permission. The availability of this permission is controlled by a backend setting.

Note: In Universal Profile > Bio > Career Preferences, this permission is required for users to search for jobs.

Core
Global Search Preferences - Manage Grants ability to configure Global Search Preferences. This is an administrator permission. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU and User's OU. By default, this permission is constrained to the organization. Core Administration
Grades - View Grants ability to view the Grade Organizational Unit throughout the system, such as in availability drop down selectors, when editing users, etc. Those without this permission do not see the Grade OU on any screen. This is primarily an administrator permission, although organizational policy should determine whether the Grade OU should be visible to end users on reporting screens, etc. Core Administration
Grant Employee Recognition Enables users to grant recognition awards to others, using a predefined list of awards created by administrators. This is an end user permission. Core
Help Link - Manager Provides access to view the User and Manager topics in online help. This is a manager permission. Core
Help Link - System Administrator Provides access to view the User, Manager and System Administrator topics in online help. This is an administrator permission. Core
Help Link - User Provides access to view the End User topics in online help. This is an end user permission. Core
Insights Dashboard Allows user to access Insights Dashboard. This permission cannot be constrained. Core
Language Preferences - Manage Grants ability to set default language for portal/OU and set whether end users may adjust their own portal display language. This is an administrator permission. Core Administration
Log In Message - Manage Grants access to create a message that appears upon portal login to all users or a selected group/subset of users. This is an administrator permission. This permission can be constrained by OU and User's OU. Core Administration
Marketing Email Templates - Manage Grants ability to create and save Marketing Email Templates, which can be reused to send future marketing email messages to users. This is an administrator permission. Core Administration
Marketing Emails - Manage Grants ability to create and send ad hoc emails to populations of users based on their assigned org units, groups, or by user name. This is an administrator permission. Core Administration
My Account - Manage Allow users to view and modify their preferences on the My Account screen. The user must have this permission to access My Account. This permission cannot be constrained. This is an end user permission. Core
My Account Devices - Manage Manage device registrations from My Account. This permission cannot be constrained. This is an end user permission. Core
My Account Preferences - Manage Grants access to the My Account Preferences page, which allows selection of which custom fields display in My Account by OU. Define whether custom fields appear as read only or are editable, and whether entry is required. Also provides ability to customize the names of the tabs that appear in My Account. This is an administrator permission. Core Administration
My Account Social - Manage Grants ability to view and manage third party profile connections on the Social page in My Account. This is an end user permission. Core
MyTeam - Print Grants ability to configure and print out a My Team profile. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Core
MyTeam Comments - Manage Grants ability for manager (or others depending on constraints) to view Comments previously entered about their direct and indirect reports and also create new comments as well as attach files to comments. This permission can be constrained by OU, User's OU, User's Direct Reports, User, and User Self and Subordinates. The permission constraints determine for which users the Comments tab is available when viewing a user in My Team. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Note: If the user's permission is also constrained by User Self and Subordinates, then this overrides the User's Direct Reports constraint. Core
MyTeam Search by OU Grants ability to allow users to search by division and position when viewing MyTeam. The constraints upon this permission determine the OUs that are available within the search. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Core
My Team/Talent Profile Preferences Grants ability to set display preferences for the My Team and Talent Profile screens. This permission cannot be constrained. This is an administrator permission. Core Administration
Navigation Tabs and Links - Manage Grants ability to manage Navigation Tabs and Links for the portal. This permission can be constrained by OU, User's OU, and User's Corporation. This is an administrator permission. Core Administration
Organizational Unit Custom Fields - Manage Grant Access to create and edit custom fields for Org Units. This is an administrator permission. Core Administration
Org Chart - Preferences

Grants access to the Org Chart Preferences page. This permission cannot be constrained.

 Core
Org Chart - View Grants access to the new Org Chart page for organizations with Cornerstone HR, Succession, or View. This permission can be constrained by OU, User’s OU, Users, User’s Self, User Self and Subordinates, User’s Manager, User’s Superiors, Employee Relationship, User’s Direct Subordinates, User's Subordinates. Core
Org Chart by Organization - View

Grants access to the Organization tab on the new Org Chart page. This permission cannot be constrained. This permission works in conjunction with the Org Chart - View permission. For users who do not have this permission, the Organization tab will not be available.

Note: This permission pertains to the new Org Chart functionality that is released with the February '17 release. The new Org Chart functionality is only available for organizations with Cornerstone HR, Succession, or View.

Core
OU Group - Manage Grants ability to create, copy, and edit custom groups of users without allowing ability to manage organizational units (OUs). This permission can be constrained by OU, User's OU, and Provider. This is an administrator permission. Core Administration
OU Group - Update Grants access to edit existing custom groups of users. This permission can be constrained by OU, User's OU, and Provider. This is an administrator permission. Core Administration
OU Group - View Grants access to view existing custom groups. This permission can be constrained by OU. This is an administrator permission. Core Administration
OU Hierarchy - Manage Grants ability to create and update/edit organizational units. This permission grants access to all OU types, both standard and custom. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Password Preferences - Manage Grants ability to manage Password Preferences, which includes specifying the settings for users to change their own password, or for the system to generate an anonymous password, set the specific password requirements and allowing users to reset password by answering security questions. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
People Matrix Grants access to the People Matrix functionality. This permission can be constrained to User, OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. The constraints on this permission determine which users are available in the People Matrix. This is a manager permission. Core Administration
Prevent Duplicate Users - Reconcile Grants ability to view user accounts that have been identified as potential duplicates. Administrators can only view pending user records that were created by administrators who are within the constraints on this permission. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Proxy as User Grants ability to log in as another user via proxy, for purposes of troubleshooting user issues. This is an administrator permission. The users to which the administrator has access to log in as is controlled by the users to which the administrator has access on the Users page and by the constraints upon this permission. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. By default, this functionality is not available for any users, including administrators. To request this permission, contact Global Customer Support. Core Administration
Report Delivery Preferences Provides access to report delivery preferences, which enables administrators to set the preferences related to custom report delivery. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Reset Password and Public Keys - Manage Grants ability to manage FTP account login password and public keys when applicable. Currently, this permission cannot be constrained. Core Administration
Security Administration - General Constraints Grants access to apply general constraints to permissions when creating/editing a security role. This permission works in conjunction with the Security Administration - Manager permission. This is an administrator permission. Core Administration
Security Administration - Manage Grants ability to create, modify and constrain security roles within the portal, and assign users to those security roles. This permission can be constrained by OU, User's OU, User, and User Self and Subordinates. This is an administrator permission. Core Administration
Security Health Check - Edit Security Issues Grants ability to edit security issue settings in the Security Health Check tool and set them to Cornerstone's recommended value. This permission cannot be constrained. This is an administrator permission. Core Administration
Security Health Check - View Grants ability to view the Security Health Check tool. This permission cannot be constrained. This is an administrator permission. Core Administration
Self Registration Groups - Manage Grants ability to create and update/edit self-registration groups, which are configured to make a self-registration page available to people who are not added to the portal via user feed. This permission can be constrained by OU, User's OU, and User's Corporation. This is an administrator permission. Core Administration
Self Registration Groups - View Grants ability to view Self Registration Groups when selecting Availability (for Training, Tasks, learning assignments, etc.) or User Criteria (for Learning Assignments). This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Self-Registration and User Record Custom Fields - Manage Grants access to manage custom fields for user Self Registration and the user record in Custom Field Administration. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Share Manager/Approver Permissions Enables managers and approvers to delegate certain types of approvals and MyTeam viewing permissions to others. This permission is only relevant to managers and approvers. Core
Single Sign On - CSOD Certificate Grants ability to view, manage, and upgrade SSO certificates and configurations. This is an administrator permission. This permission cannot be constrained. Core Administration
SSO Link to Cornerstone Success Center Grants access to an in-portal link to the Cornerstone Success Center sign in page. This is an administrator permission that should be limited to authorized client users of the Cornerstone Success Center. Core Administration
Support Information - Manage Grants ability to manage Support Information, which includes specifying an email address and phone number for end users to contact for portal support. This permission works in conjunction with the Corporate Preferences permission. This is an administrator permission. Core Administration
Task - View Grants ability to view assigned tasks via Scheduled Tasks screen and Welcome Page My Tasks widget. This is an end user permission. Core
Time Zone Preferences - Manage Grants ability to set default time zone for portal/OU and set whether end users may adjust their own portal time zone. This is an administrator permission. Core Administration
Training Data Merge - Manage Grants ability to merge the training records of multiple existing accounts and deactivate one of the accounts, if necessary. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU, User's OU, User Self and Subordinates, and Users. The applied constraints limit the users that are available to be merged and that are displayed in the History section. This is an administrator permission. Core Administration
Training Data Merge - View Grants ability to view past training record merges. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU, User's OU, User Self and Subordinates, and Users. Which records are displayed in the History section is dependent on creator constraints. This is an administrator permission. Core Administration
Universal Profile - User Record - Create Users Grants ability to access the User Record Administration page and to create new users in the system. When creating a new user, this permission grants the ability to add general information, which includes first name, last name, username, assigned OUs, and custom relationships. The administrator must have additional permissions to add any additional fields. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Universal Profile - User Record - Edit Users Grants ability to edit user records in the system. The administrator must have additional permissions to edit specific fields on the user record. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Note: This permission DOES NOT grant the ability to view user records in the system. Administrators must have the Universal Profile - User Record - View Users permission in order to view user records. Core Administration
Universal Profile - User Record - View Users Grants ability to view user records in the system. Administrators can view the Modification History page for user records within their constraints. The administrator must have additional permissions to view specific fields on the user record. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Core Administration
User - Edit Absent Status on My Account Page Allows user to change absent status on My Account page. This is an end user permission. Core
User Permission and Constraint Details - View Grants ability to access the Permissions Constraints Details page for a user. This permission also grants ability to see the Permissions Constraints Details link on the Permissions page. This permission can be constrained by OU, User's OU, User, and User Self and Subordinates. This is an administrator permission. Core Administration
User Preferences - Core Information: View Grants ability to view the User Preferences administrator page. This permission does not allow administrators to modify the preferences. This permission cannot be constrained. This is an administrator permission. Core Administration
User Preferences - Leave Types: Manage Grants ability to manage Leave Types on the User Preferences administrator page. Administrators must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission cannot be constrained. This is an administrator permission. Core Administration
User Preferences - Reasons for Change: Manage

Grants ability to define and configure Reasons for Change on the User Preferences administrator page, which may be used when modifying the user record. The administrator must also have the User Preferences - Core Information: View permission to access the User Preferences page.

This permission is also required to view and set the Reason for Change field when editing a user record.

This permission cannot be constrained. This is an administrator permission.

 Core Administration
User Preferences - Termination Reasons: Manage Grants ability to manage Termination Reasons on the User Preferences administrator page. Administrators must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission cannot be constrained. This is an administrator permission. Core Administration
User Preferences - User Statuses: Manage Grants ability to manage User Statuses on the User Preferences administrator page. Administrators must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission cannot be constrained. This is an administrator permission. Core Administration
User Preferences - User Types and Subtypes: Manage Grants ability to manage User Types and Subtypes on the User Preferences administrator page. Administrators must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission cannot be constrained. This is an administrator permission. Core Administration
User Rating Scales - Manage

Grants ability to manage rating scales for capabilities. This permission cannot be constrained. This is an administrator permission.

This permission only works when used in conjunction with the User Rating permission.

 Core Administration
User Rating Templates - Manage

Grants ability to manage feedback templates for capabilities. This permission cannot be constrained. This is an administrator permission.

This permission only works when used in conjunction with the User Rating permission.

 Core Administration
User Ratings - Feedback Assignment

Grants ability to assign a feedback request to a specific user. This permission can be constrained to User, OU, User's OU, User Self and Subordinates, User's Self, and User's Direct Subordinates. The constraints on this permission determine which users can be selected in the feedback assignment.

 Core Administration
User Ratings - Feedback on specific person

Grants ability to request 360 feedback about a specific user. This permission is intended for administrators, managers, or other leadership roles. This permission can be constrained to User, OU, User's OU, User Self and Subordinates, and User's Direct Subordinates.

It is recommended to constrain this permission. Managers should be constrained to "User's Direct Reports." Administrators can constrain themselves or others to a diverse pool of potential raters.

 Core Administration
User Ratings - Request Others to Provide Feedback on Themselves Grants ability to request that someone rate themself. This permission is intended for administrators, managers, or other leadership roles. This permission cannot be constrained. Core Administration
User Ratings - View All Shared Ratings Grants ability to view all ratings that are shared with others in addition to the rater. This permission applies to anywhere the ratings are displayed, such as People Matrix and Skills Profile. This permission is intended for indirect managers or non-managers to be able to view rating data for users over which they have no oversight. This permission grants access to all OU types, both standard and custom. This permission can be constrained to User, OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. The constraints on this permission determine whose shared ratings the person can view. This is a manager permission. Core Administration
User Ratings - View Ratings and Feedback about Other User

Grants ability to view ratings history and rating details about other people regardless of the visibility settings on the ratings. Grants ability to view the My Feedback Requests page. Administrators with this permission can view all ratings and feedback about all other users, regardless of the visibility settings of the ratings. This permission cannot be constrained.

This permission does not bypass visibility ratings about yourself, which means users cannot use this permission to view ratings provided about themselves that are otherwise not visible to them.

This permission is intended for an administrator or talent partner who needs broad access to all ratings occurring within the portal.

Core Administration
User Ratings For end users, this permission grants ability to perform ratings and view ratings. For administrators, this permission is required along with the specific user ratings administration permissions to edit rating scales or templates. This permission cannot be constrained. Core Administration
User Record Custom Field Configurable Validations - Manage Grants ability to manage the configurable validations for user record custom fields within Custom Field Administration. This permission cannot be constrained. This is an administrator permission. This permission is only available to organizations that are using Cornerstone HR. Core Administration
User Upload Photo Enables users to upload their photo to their user record, via the My Account screen. This is an end user permission. Core
Users - Edit Bypass User Purging Grants ability to set individual users to bypass user purging on the Edit Users page. This permission only works when used in conjunction with the Users - View and Users - Edit permissions. This permission cannot be constrained. This is an administrator permission. The availability of this permission is controlled by a backend setting. To enable this functionality, contact Global Customer Support. Core Administration
Users - Edit Core Information

Grants ability to add users and edit core information on a user record, including first name, last name, username, assigned OUs, and custom relationships. This permission works in conjunction with the Users - View and Users - View Core and Edit Custom Fields permissions. This permission cannot be constrained. This is an administrator permission.

Note: When the User Record Redesign is enabled in a portal, this permission is disabled. Administrators who previously had this permission are automatically assigned the following permissions:

  • Universal Profile - User Record - Create Users
  • Users - Edit General Information

This permission is obsolete following the retirement of the legacy User Record in the May '17 release.

 Core Administration
Users – Edit Custom Field Information Grants ability to view and edit the custom fields on a user record. Administrators are only able to edit a custom field on a user's user record if the user is within their permission constraints and the administrator is within the availability of the custom field. This permission works in conjunction with the Users - View permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Users – Edit General Information Grants ability to edit the general fields on a user record, including first name, last name, username, assigned OUs, and custom relationships. This permission works in conjunction with the Users - View permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Users - Edit Local System ID Enables administrator to modify the Local System ID for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View and Users - Edit permissions. This permission cannot be constrained. This is an administrator permission. Core Administration
Users - Edit Middle Name Grants ability to modify the middle name for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. Core Administration
Users - Edit Mobile Phone Grants ability to modify the Mobile Phone number for a user via the Admin/Users screen. The availability of this permission is controlled by a backend setting. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Personal Email Address

Enables administrator to edit the Personal Email Address for a user via the admin/users screen. This permission cannot be constrained. This is an administrator permission. By default, this permission is included in the System Administrator security role and parent roles of System Administrator.

 Core Administration
Users - Edit Prefix Grants ability to modify the prefix for a user's name via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. Core Administration
Users - Edit Secure User Custom Fields - Unmasked Grants the ability to edit secure user custom field info unmasked. This permission can be constrained by OU, Restrict to User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, Employee Relationship. This is an administrator permission. Core Administration
Users - Manage OU Based Applicability Grants access to manage OU-based Applicability for user record custom fields. This permission cannot be restrained. This is an administrator permission. Core Administration
Users - Manage Secure User Custom Fields Grants the ability to manage the setting secure user custom fields. This permission can be restrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, Employee Relationship. This is an administrator permission. Core Administration
Users - View Secure User Custom Fields - Masked Grants the ability to view secure user custom field info masked. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, Employee Relationship. This is an administrator permission. Core Administration
Users - Edit Sensitive Information: Unmasked Grants ability to view and edit unmasked Sensitive Personally Identifiable Information (SPII) fields on the user record. Administrators with this permission have the option to view and edit the actual data on the user record. This permission can be constrained by OU, User's OU, User's Self, User's Subordinates, User's Direct Subordinates, User, and Employee Relationship. This is an administrator permission. Core Administration
Users - Edit Signature Grants ability to modify the signature font for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. Core Administration
Users - Edit Suffix Grants ability to modify the suffix for a user's name via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. Core Administration
Users - Edit User ID Enables administrator to modify the User ID for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Absent Status Enables administrator to modify the Absent status for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Active Status Enables administrator to modify the Active status for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Address Enables administrator to modify the address for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Approver Enables administrator to modify the specified Approver for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Email Enables administrator to modify the Email Address for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Fax Enables administrator to modify the Fax number for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Language Enables administrator to modify the portal display language for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Last Hire Date Enables administrator to modify the Last Hire Date for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Manager Enables administrator to modify the assigned Manager for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Original Hire Date Enables administrator to modify the Original Hire Date for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Phone Enables administrator to modify the Phone number for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Photo Enables administrator to upload a photo for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Reconciliation Enables administrator to modify the Reconciliation status for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Required Approvals Enables administrator to modify the number of required training approvals for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Time Zone Enables administrator to modify the portal time zone for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Type and Status Enables administrator to view and modify the type and status information for a user via the User Record. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users – Effective Dating: Manage Enables administrator to make effective dated changes to the user record. This permission only works when used in conjunction with the Users - Edit General Information permission. This permission cannot be constrained. This is an administrator permission. Core Administration
Users - Manage OU Based Regex Grants access to manage OU-based Regex patterns for user custom fields. This permission cannot be restrained. This is an administrator permission. Core Administration
Users - Unlock Accounts Grants ability to unlock user accounts that are currently locked. This permission can be constrained by OU, User's OU, User's Subordinates, and User. This is an administrator permission. Core Administration
Users - View Approver Search Enables those who can search for and view users via the Admin/User screen to search by users' assigned approver. This permission only works when assigned in conjunction with the Users - View permission. Core Administration
Users - View Core and Edit Custom Fields

Grants ability to view core information on a user record, including first name, last name, username, assigned OUs, custom relationships, and custom fields. This permission also includes the ability to edit any custom fields that are visible to the administrator. This permission works in conjunction with the Users - View permission. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. This is an administrator permission.

Note: When the User Record Redesign is enabled in a portal, this permission is disabled. Administrators who previously had this permission are automatically assigned the following permissions:

  • Universal Profile - User Record - Edit Users
  • Universal Profile - User Record - View Users
  • Users - Edit Custom Field Information
  • Users - View Custom Field Information
  • Users - View General Information

This permission is obsolete following the retirement of the legacy User Record in the May '17 release.

 Core Administration
Users - View Criteria Search Enables those who can search for and view users via the Admin/User screen to search by OU and Group criteria. This permission only works when assigned in conjunction with the Users - View permission. Core Administration
Users – View Custom Field Information Grants ability to view the custom fields on a user record. Administrators are only able to view a custom field on a user's user record if the user is within their permission constraints and the administrator is within the availability of the custom field. This permission works in conjunction with the Users - View permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Users – View General Information Grants ability to view the general fields on a user record, including first name, last name, username, assigned OUs, and custom relationships. This permission works in conjunction with the Universal Profile - User Record - View Users permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Users - View Local System ID Enables administrator to view the Local System ID for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View and Users - Edit permissions. This permission cannot be constrained. This is an administrator permission. Core Administration
Users - View Manager Search Enables those who can search for and view users via the Admin/User screen to search by users' assigned manager. This permission only works when assigned in conjunction with the Users - View permission. Core Administration
Users - View Middle Name Grants ability to view the middle name for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users and Users - View General Information permissions. This is an administrator permission. Core Administration
Users - View Mobile Phone Grants ability to view the Mobile Phone number for a user via the Admin/Users screen. The availability of this permission is controlled by a backend setting. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - View Modification Details Grants ability to view the Modification Details on the User Record and view User Audits fields when creating a Reporting 2.0 report. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. Core Administration
Users - View Personal Email Address Enables administrator to view the Personal Email Address for a user via the admin/users screen. This permission cannot be constrained. This is an administrator permission. By default, this permission is included in the System Administrator security role and parent roles of System Administrator. Core Administration
Users - View Prefix Grants ability to view the prefix for a user's name via the Admin/User screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users and Users - View General Information permissions. This is an administrator permission. Core Administration
Users - View Sensitive Information: Masked Grants ability to view masked Sensitive Personally Identifiable Information (SPII) fields on the user record. Administrators with this permission cannot view the actual data. This permission can be constrained by OU, User's OU, User's Self, User's Subordinates, User's Direct Subordinates, User, and Employee Relationship. This is an administrator permission. Core Administration
Users - View Sensitive Information: Unmasked Grants ability to view unmasked Sensitive Personally Identifiable Information (SPII) fields on the user record. Administrators with this permission have the option to view the actual data on the user record. This permission can be constrained by OU, User's OU, User's Self, User's Subordinates, User's Direct Subordinates, User, and Employee Relationship. This is an administrator permission. Core Administration
Users - View Signature Grants ability to view the signature font for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. This is an administrator permission. Core Administration
Users - View Suffix Grants ability to view the suffix for a user's name via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View User ID Enables administrator to view the User ID for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Absent Status Enables administrator to view the Absent status for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Active Status Enables administrator to view the Active status for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Address Enables administrator to view the address for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Approver Enables administrator to view the specified Approver for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Email Enables administrator to view the Email Address for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Fax Enables administrator to view the Fax number for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Language Enables administrator to view the portal display language for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Last Hire Date Enables administrator to view the Last Hire Date for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Manager Enables administrator to view the assigned Manager for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Original Hire Date Enables administrator to view the Original Hire Date for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Phone Enables administrator to view the Phone number for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Photo Enables administrator to view a photo for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Reconciliation Enables administrator to view the Reconciliation status for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Required Approvals Enables administrator to view the number of required training approvals for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Time Zone Enables administrator to view the portal time zone for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Type and Status Grants ability to view user type and status information on the User Record. This permission cannot be constrained. This permission only works when used in conjunction with the Users - View and Users - Edit permissions. Core Administration
Users - View Grants ability to search for and view summary information about users in the portal via the Admin/Users screen. This permission can be constrained by OU, User's OU, User Self and Subordinates, and Users. If multiple constraints are added, these constraints are considered OR statements. This is an administrator permission. Core Administration
Welcome Page - View Grants access to view Welcome Page. This permission cannot be constrained. This is an end user permission. Core
Welcome Page Preferences - Manage Grants ability to configure the look and feel of the Welcome Page that users see upon logging in to the portal. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Work Force Planning - Administrator Grants access to the Headcount Planning page. Users with this permission can also create new headcount plans for any part of the organization, as well as create subplans that have been assigned to them. Administrators can only view plans that they have created or to which they were assigned as a Co-Planner or Primary Planner. This is an administrator permission. Core Administration
Work Force Planning - Cost Model Manager

Allows user to upload and manage costing files and exchange rates for Planning.

 Core Administration
Work Force Planning - Owner Grants owner-level access to plans. Users with this permission can view their assigned plans and can create plans. This permission cannot be constrained. Core Administration
Work Force Planning - Reporting Analyst Grants reporting analyst-level access to plans. Users with this permission cannot create plans or edit plan metadata. This permission cannot be constrained. Core Administration
Work Force Planning - Subplanner Grants the ability to complete subplans that have been assigned to the user as a Primary Planner or a Co-Planner. Users with this permission cannot create new headcount plans or view all plans. Within the plans assigned to them, users can assign subplans to their direct reports. Core Administration
Writing Tools - Manage Grants ability to activate or deactivate spell checker and inappropriate language filter by module, and create/manage categories for Comment Assistant used in performance tasks. This is an administrator permission. Core Administration
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Engage Respondent Allows a user to receive and participate in Engage campaigns. This permission cannot be constrained. This is an end user permission. This permission cannot be constrained. Engage
Engage - Administration Grants access to both the reporting and campaign dashboards in Engage. This permission also grants access to the Engage Library where administrators can create the components of an Engage campaign. This is an administrator permission. This permission cannot be constrained. Engage - Administration
Engage - Create Campaign Grants access to the Manage Campaigns page. Users with this permission can create new campaigns. Administrators with this permission can only act on (i.e., edit, copy, recall) campaigns that they have created. The constraints on this permission control who the administrator can select for a campaign in the Availability field. This permission can be constrained by OU or User's OU. Engage - Administration
Engage - View

Grants access to the Campaign Dashboard. The constraints on this permission control what data is visible to the user on the Campaign Dashboard. This permission can be constrained by OU, User’s OU, User Self And Subordinates, User's Corporation, Group. The data that is visible on the dashboard is controlled by the constraints set on the permission.

 Engage - Administration
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Assign OU Development Plans Grants ability to create and assign Development Plans to all users within specified organizational units or custom groups. This is an administrator permission. Performance - Administration
Assign Roles Grants ability to assign roles to those for whom the user is a manager or approver. This permission cannot be constrained. This is a manager/approver permission. Performance
Bypass Development Plan Approval During Assignment Grants permission to bypass any development plan approval requirements when submitting or assigning a development plan. This permission does not apply to development plans as part of Reviews. This is a system administration permission. Performance
Check-Ins - Create

Grants ability for the user to create and update Check-Ins. The permission constraints determine with whom the user can create Check-In discussions. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Subordinates, User's Direct Reports, User's Self, User's Manager, User's Superiors, and Employee Relationship. Users with constraints in the “Check-Ins - Create” permission cannot create a new Check-In with anyone who is not part of the constraints, but can still view and update any Check-In in which they are a participant.

This is an end user permission.

Note: Permission constraint to Employee Relationship grants permission to dotted line or secondary managers to create Check-Ins with users that report to them in the matrix structure. A constraint "Restricted to Employee Relationship: Detail Supervisor" means that the Detail Supervisor can create a Check-In with their indirect subordinate but the indirect subordinate cannot create a Check-In with their Detail Supervisor.

 Performance
Check-In Templates - Manage Grants ability to manage Check-Ins Templates. This permission cannot be constrained. This is an administrator permission. Performance
Company Goals - Create Grants access to create goals that appear to all users as "company goals." This permission cannot be constrained. This is an administrator permission. Performance - Administration
Competency Assessment Bank Admin - Edit Grants ability to edit competencies in the Competency Bank. Administrators can only edit a competency if they have this permission and are also included in the Admin Visibility settings for the competency. This permission cannot be constrained. This is an administrator permission. Performance - Administration
Competency Assessment Bank Admin - Manage Grants ability to create, copy, edit, view, and delete competencies in the Competency Bank. This permission cannot be constrained. This is an administrator permission. Performance - Administration
Competency Assessment Bank Admin - View Grants ability to view competencies in the Competency Bank. Administrators can only view a competency if they have this permission and are also included in the Admin Visibility settings for the competency. This permission cannot be constrained. This is an administrator permission. Performance - Administration
Competency Assessment Model Admin - Edit Grants ability to edit competency models. This permission cannot be constrained. This is an administrator permission. Performance - Administration
Competency Assessment Model Admin - Manage Grants ability to create, edit, delete, and view competency models. This permission cannot be constrained. This is an administrator permission. Performance - Administration
Competency Assessment Model Admin - View Grants ability to view competency models. This permission cannot be constrained. This is an administrator permission. Performance - Administration
Competency Assessment Model

Grants access to define competency categories, competency model categories, and the default rating scale for competency models. This permission cannot be constrained. This is an administrator permission.

For organizations using the Data Load Wizard Competency Bank Data General Information load, this permission is required to utilize custom fields in the data load.

 Performance - Administration
Competency Assessment Task Administration Grants ability to create/assign competency assessment tasks and manage activity within those tasks. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. This is an administrator permission. Performance - Administration
Create Employee Goals - Align When creating a goal for users other than self or subordinates, this permission allows users to search for goals by user when aligning the goal with another user's goal. Users with this permission can only search for and align their goals with users who are within their permission constraints. If a user does not have this permission, then the Search field is not available within the Alignment pop-up. This permission works in conjunction with the Create Employee Goals permission. This permission can be constrained by OU, User's OU, and User. This is an administrator permission. Performance - Administration
Development Plans - Approve Grants ability to approve or deny development plans that are pending the user's approval. This is a manager/approver permission. Performance
Development Plan Activity Types - Manage Grants ability to create and edit activity types used in the development plans and templates. This is an administrator permission. Performance - Administration
Development Plan Categories - Manage Grants ability to create and edit categories used to classify development plans. This is an administrator permission. Performance - Administration
Development Plan Custom Fields - Manage Grants access to create and edit custom fields used in development plans and templates. This is an administrator permission. Performance - Administration
Development Plan Objective Categories - Manage Grants ability to create and edit objective categories used in the development plans and templates. Performance - Administration
Development Plan Preferences - Manage Grants the ability to manage Development Plan Preferences, where various Development Plan features can be enabled or disabled according to the needs of the organization. This is an administrator permission. Performance - Administration
Development Plan Templates - Manage Grants ability to create and edit development plan templates that can be made available for use by end users. This is an administrator permission. Performance - Administration
Email Digest Administration - Manage Grants ability to create, edit, view, and delete email digests. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. The permission constraints determine which email digests the administrator can edit and delete. This is an administrator permission. Performance - Administration
Email Digest Administration - View Grants ability to view email digests. This permission cannot be constrained. This is an administrator permission. Performance - Administration
Employee Goals - Create Allow user to Create Goals for other employees (other than self and subordinates). The constraints on this permission determine with which employees a user can align their goals. This permission can be constrained by OU, User's OU, and User. This is an administrator permission. Performance - Administration
Employee Relationships - Define Grants ability to create and manage custom user relationship roles and peer groups that are utilized in performance tasks. This is an administrator permission. Performance - Administration
Employee Relationships - Manage Grants ability to add and remove user peers and approve or deny peers that are pending approval. This access may be granted for all users or a subset of users depending on constraints. This permission also grants access to the Peers section on custom User reports. This is an administrator permission. Performance - Administration
Goal Configuration Grants ability to manage Goal Configuration, which enables configuration of goal fields as well as goal statuses. This permission can be constrained by OU and User's OU. This is an administrator permission. Performance - Administration
Goal Locking Grants ability to lock all goals for all users across entire portal from edits or updates, via option on the Corporate Preferences screen. This is an administrator permission. Performance - Administration
Goal Perspectives - Manage Grants ability to create and manage goal perspectives and categories which are used to categorize and filter goals. This is an administrator permission. Performance - Administration
Goal Preferences - Manage Grants ability to manage Goal Preferences, where various goal features can be enabled or disabled according to the needs of the organization. This permission can be constrained by OU and User's OU. This is an administrator permission. Performance - Administration
Goals - Approve Grants ability to approve or deny goals that are pending the user's approval. This is a manager/approver permission. Performance
Goals - Create

Grants ability for user to create goals for self, direct reports, and indirect reports only. Any constraint on this permission is operating as an "AND" function. This permission can be constrained by Employee Relationship, OU, User's OU, and User Self and Subordinates. This is an end user permission.

 Performance
Goals - Dynamic Assignment Option Grants ability to specify a goal as dynamically assigned, when assigning the goal to a population of users. If a goal is dynamically assigned, users who later meet the criteria will receive the goal. Performance
Goals Library Grants ability to create and edit/update goal templates within the goal library, which can then be used by employees when creating their goals. This permission cannot be constrained. This is an administrator permission. Performance - Administration
Launch Ad Hoc Observation Checklist Enables a user to launch an ad hoc observation checklist. Having this permission does not guarantee that the user can launch an ad hoc observation checklist, only that they will have access to the Launch Observation Checklist page. There must be at least one ad hoc checklist for which the user is defined as a verifier. This permission cannot be constrained. This is an end user permission. Performance
Launch Off-Cycle Performance Review Task Enables a user to launch an off-cycle performance review task. Having this permission does not guarantee that the user can launch an off-cycle review, only that they will have access to the Launch Performance Review page. A task must still be configured properly for the user to successfully launch an off-cycle review task. This permission works only if user has been designated to launch at least one currently active off-cycle performance review task. This permission can be constrained by OU, User's Subordinates, and Employee Relationship. This is an end user permission. Performance
Manage Shared and Dynamic Goals Grants ability to turn off the dynamic behavior and edit a dynamic goal from the Edit Goals page. The administrator or manager can only view and edit goals created by users that exist within the OU constraints set for this permission. Performance
My Competency Assessments Enables users to view their own competency assessment results from the Competency Assessment Results screen. In addition, when creating a development plan and adding an objective to the plan, this permission enables users to browse recommended training and developmental actions from competency models, when this functionality is enabled in Development Plan Preferences. This is an end user permission. Performance
MyTeam Competency Assessment - Manage Grants access to MyTeam Competency Assessments page for subordinates (and other users depending on constraints). This is primarily a manager permission. This permission can be constrained by OU, User's OU, User's Direct Reports, User, and User Self and Subordinates. The permission constraints determine for which users the Competencies tab is available when viewing a user in My Team. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Note: If the user's permission is also constrained by User Self and Subordinates, then this overrides the User's Direct Reports constraint. Performance
MyTeam Development Plans

Grants ability for manager (or others depending on constraints) to view and manage progress of development plans via MyTeam and Talent Profile. Managers can also edit a subordinate's development plan. This permission can be constrained by OU, User's OU, User's Direct Reports, User, and User Self and Subordinates. The permission constraints determine for which users the Dev Plans tab is available when viewing a user in My Team. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Note: If the user's permission is also constrained by User Self and Subordinates, then this overrides the User's Direct Reports constraint.

For organizations using the Redesigned Development Plans functionality, this permission enables the user to access the Development Plans List page.

 Performance
MyTeam Goals

Grants ability for manager (or others depending on constraints) to view, edit and manage progress of Goals for their direct and indirect reports via MyTeam and Talent Profile. This permission can be constrained by OU, User's OU, User's Direct Reports, User, and User Self and Subordinates. The permission constraints determine for which users the Goals tab is available when viewing a user in My Team.

Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Note: If the user's permission is also constrained by User Self and Subordinates, then this overrides the User's Direct Reports constraint.

Performance
MyTeam Peer Relationships - Manage Enables managers (and others depending on constraints) to view and approve peers for direct and indirect subordinates via the MyTeam screen. This permission can be constrained by OU, User's OU, User's Direct Reports, User, and User Self and Subordinates. The permission constraints determine for which users the Peers tab is available when viewing a user in My Team. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Note: If the user's permission is also constrained by User Self and Subordinates, then this overrides the User's Direct Reports constraint. Performance
MyTeam Performance Reviews Grants ability for manager (or others depending on constraints) to view Performance Review results for their direct and indirect reports, via MyTeam and Talent Profile. This permission can be constrained by OU, User's OU, User's Direct Reports, User, and User Self and Subordinates. The permission constraints determine for which users the Reviews tab is available when viewing a user in My Team. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Note: If the user's permission is also constrained by User Self and Subordinates, then this overrides the User's Direct Reports constraint. Performance
MyTeam To Do's - Manage Grant's access for manager (or others depending on constraints) to view "to do" tasks for their team and also create new to do's and manage progress on behalf of the user. This permission can be constrained by OU, User's OU, User's Direct Reports, User, and User Self and Subordinates. The permission constraints determine for which users the Create To Do's action link and To Do's section is available when viewing a user in My Team. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Note: If the user's permission is also constrained by User Self and Subordinates, then this overrides the User's Direct Reports constraint. Performance
Observation Checklist - Add Verifier by OU Grants access to add or remove verifiers (validators) for a Checklist using the Availability control. The user must also have the View or Manage permission for Performance Observation Checklist. This is an administrator permission. Performance - Administration
Observation Checklist - Verifier Enables user to serve as the verifier for the observation checklist of another user. This permission should be included in the dynamic security role "Checklist Verifier." The role, when active, is dynamically assigned to any user who is designated as a verifier for one or more checklists. This permission can be constrained by OU and User's OU. This is an end user permission. Performance
Observation Checklist Admin - Manage Grants access to create and edit Observation Checklists, as well as view progress of users assigned to a given checklist and/or remove users from a checklist. This permission can be constrained by OU and User's OU. This is an administrator permission. Performance - Administration
Observation Checklist Admin - View Grants access to view observation checklists. This permission also enables user to see progress of all users assigned to a given checklist. This is an administrator permission. Performance - Administration
Observation Checklist User - Manage Pending Checklists Grants ability to access the Pending Checklists page and manage pending checklist approvals. This permission cannot be constrained. This is an administrator permission. Performance - Administration
Observation Checklist User - View Checklist Grants ability to access the My Checklists page and the Checklist Details page. This permission cannot be constrained. Performance - Administration
Observation Checklists - Edit Validation Details Grants access to edit a validation record for a competency or item for a user's checklist. This is an administrator permission. Performance - Administration
Offline Performance Reviews Allow users to download and upload offline reviews. This permission works in conjunction with active performance review tasks. If the user has this permission and is assigned one or more steps of an active performance review task, that user may download the review for offline completion. This permission can be constrained by OU and User's OU. This is an end user permission. Performance
OU Goals - Create

Grants ability to create and assign goals to all users within a selected organizational unit or group. This is an administrator permission.

The constraints on this permission overwrite the constraints on the Goals - Create permission. That is, if a user has both permissions, then the constraints on the OU Goals - Create permission are applied.

 Performance - Administration
Performance Co-Planner Enables a manager to name a performance review co-planner if co-planners are enabled for the performance review task. This permission should be assigned to the default user role to avoid constraint issues. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Manager, and User's Superiors. This is an end user permission. Performance
Performance Features Self Activation Grants access to the Feature Activation Preferences page, where an administrator can activate new features associated with Performance. This is an administrator permission. Performance - Administration
Performance Review Bulk Sign Off Enables reviewers to electronically sign off on current performance review tasks in bulk. This permission cannot be constrained. This is primarily a manager permission. Performance
Performance Review Custom Fields - Manage Grants access to create and edit custom fields for Performance Reviews. This permission can be constrained by OU and User's OU. This is an administrator permission. Performance - Administration
Performance Review Distribution Report - Calibration Grants ability to adjust final overall rating for performance reviews when viewing the Performance Review Distribution report. This permission works in conjunction with the Performance Review Distribution Report permission. This permission cannot be constrained. This is an administrator permission. Performance - Administration
Performance Review Form Sections - Manage Grants ability to create and manage performance review questions and sections which are used in performance review tasks. This permission can be constrained by OU and User's OU. This is an administrator permission. Performance - Administration
Performance Review Print Preferences - Manage Grants ability to configure formatting preferences for the PDF version of performance reviews. This is an administrator permission. This permission can be constrained by OU and User's OU. Performance - Administration
Performance Review Print Preferences New UI – Manage Grants ability to configure formatting preferences for the PDF version of redesigned performance reviews. This is an administrator permission. This permission can be constrained by OU and User's OU. Performance - Administration
Performance Review Task Administration Grants ability to create/assign performance review tasks and manage activity within those tasks. This permission also gives the ability to enable and view co-planners for a task from the administration pages. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. Performance - Administration
Performance Review Task - Manage Grants ability to assign performance review tasks and manage activity within those tasks. This permission works in conjunction with the Admin Visibility settings for the performance review task. Administrators who have this permission and are within the Admin Visibility settings can view the task, edit the task, add users, and view the task details. However, the admin cannot edit the Admin Visibility settings for the task. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. The constraints on this permission control which users can be added to the task. Performance - Administration
Recommended Learning - View Recommended Learning for Others Grants ability to view the recommended learning that is generated by machine learning for another user. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU. This is a manager permission. Performance
Request Roles Grants ability to request a role from the Skills Matrix. Users can only request roles for which they are within the availability. This permission cannot be constrained. This is an end user permission. Performance
Role Management Grants ability to view, edit, and copy roles. When editing or copying a role, administrators can delete or modify an assignment. However, this permission does not grant the ability to select assignment criteria for a role. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Subordinates, and User's Direct Reports. These permission constraints limit the users to whom administrators can assign a role. Performance
Role Management – OU Assignment Grants ability to create a role. Administrators can also select assignment criteria when creating or editing a role. This permission can be constrained by OU, User's OU, User, and Self and Subordinates. Performance
Select Peers and Reviewers Grants ability to select peers and reviewers in off-cycle performance reviews. This permission can be constrained by User's Corporation, OU, and User's OU. This is an end user permission. Performance
Skills Matrix Grants access to the Skills Matrix page. This permission can be constrained by OU, User's OU, User's Direct Reports, User, User's Subordinates Only, and User Self and Subordinates. The permission constraints determine which users are available to view in the Skills Matrix. Performance
Succession Log Allows users to view and edit the Succession Log for users. The Succession Log can be accessed from Succession Tasks, Helicopter View, and Succession Snapshot. This permission cannot be constrained. However, the user must also have permission to access the target user in the corresponding locations in the system. This is an administrator and manager permission. Performance
User To Do's Grants access for user to create and manage "to do" tasks for self. This is an end user permission. Performance
View Goals

Grants ability to view own goals and (depending on role and settings) goals of others (manager's visible goals, direct subordinate's goals, company goals, division goals). This permission can be constrained by Employee Relationship, OU, User's OU, and User Self and Subordinates. This is an end user permission.

 Performance
View Performance Reviews Grants ability to view the Performance Reviews page, which displays a user's own past performance reviews as well as performance review task steps they've been assigned to complete. This also grants ability to view the Batch Rating page. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. This is an end user permission. Performance
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Action Items - EPM Grants ability to view and take action upon Performance (EPM) items on the Action Items page and in the Your Action Items widget. This permission can be constrained by OU, User's OU, User's Self, and User's Self and Subordinates. This is an end user permission. Universal Profile
Action Items - Forms Grants ability to view Form actions via the Universal Profile - Actions page or the Welcome/Custom page Actions widget. This permission cannot be constrained. Universal Profile
Action Items - LMS Grants ability to view and take action upon Learning (LMS) items on the Action Items page. This permission can be constrained by OU, User's OU, User's Self, and User's Self and Subordinates. This is an end user permission. Universal Profile
Action Items - View Grants ability to view action items on the Action Items page and in the Your Action Items widget. Users without this permission cannot access the Action Items page. This permission can be constrained by Employee Relationship, OU, User's OU, User's Self and Subordinates, and User's Self. This is an end user permission. Universal Profile
Bio About - View

Enables user to view the Bio page for users within their permission constraints. This permission must be enabled to view the Transcript page within Universal Profile. If a user does not have this permission and they click a person's name or user photo within the Universal Profile, then the Bio page will not open.

On the Learner Home page, this permission also allows end users to view the Completions & Hours field, the training sidebar, and the Continue Learning carousel.

This permission can be constrained by Employee Relationship, OU, User's OU, User's Direct Reports, User Self and Subordinates, and User. Note: For security purposes, this permission is constrained to User Self and Subordinates by default. However, the permission constraints can be modified to allow users to view the Bio About page for other users.

 Universal Profile
Bio About Preferences - Manage Enables administrator to access and edit the Bio About Preferences page. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU and User's OU. This is an administrator permission. Universal Profile
Bio Career Preferences - View Grants ability to view the Bio - Career Preferences page for users within the permission constraints. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User's Direct Reports, User's Self, and User. Universal Profile
Bio Resume - View Enables user to view the Bio - Resume page for users within their permission constraints. If a user does not have permission to view the Bio - Resume page, then the Resume tab is not available. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User's Direct Reports, User's Self, and User. Universal Profile
Documents - Delete Enables user to delete a file that has been uploaded to the Snapshot - Documents page. The constraints on this permission determine which documents the user can delete. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, Self and Direct Reports, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports. Universal Profile
Feedback - Delete Enables user to delete a feedback post or comment on a user's page. The user can delete feedback from the Feedback page of any user who is within the permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Self. The permission constraints apply to the creator of the post or comment, not the target user. Universal Profile
Feedback - Request

Enables user to request feedback from the Feedback page of their Universal Profile. Users can only request feedback from other users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Self. This is an end user permission.

Note: This permission should not be constrained by Employee Relationship, as this constraint would not be effective and does not stop the user from requesting feedback from users outside of Employee Relationship constraint if applied.

Note: This permission should not be constrained by Restrict to Employee Relationship because the User Picker is unable to evaluate this constraint.

Universal Profile
Feedback - View and Post Enables user to view the Feedback page of the Universal Profile and to post feedback. Users can only view the Feedback page for users within their permission constraints. Similarly, users can only post feedback for users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Self, and Employee Relationship. This is an end user permission. Universal Profile
Feedback Details - View Enables user to view the Feedback Details page and provide feedback when they are requested to provide feedback. This permission cannot be constrained. This is an end user permission. Universal Profile
Feedback Preferences - Manage Enables administrator to access and edit the Feedback Preferences page. From this page, administrators can configure which options are available when users are requesting and providing feedback within the Universal Profile: Feedback page. This permission can be constrained by OU and User's OU. This is an administrator permission. Universal Profile
Feedback - Request for other users Enables user to request feedback on behalf of other users from their Feedback page. This permission can be constrained by User's Subordinates, Direct Reports, and Custom Relationship. Universal Profile
Snapshot - Badges

Enables user to view the Badges widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. Any user with this permission will always be able to view their own Badges widget when the widget is enabled. This permission also allows end users to view the Badges field on the Learner Home page.

This permission works in conjunction with the Snapshot Main - View permission. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Best Practice: For most users, this permission should be constrained by User Self and Subordinates.

 Universal Profile
Snapshot - Compensation Enables user to view the Compensation widget within the Universal Profile - Snapshot page for users within their permission constraints. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. Universal Profile
Snapshot - Competencies Enables user to view the Competencies widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. Universal Profile
Snapshot - Development Plans

Enables user to view the Development Plans widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Best Practice: For most users, this permission should be constrained by User Self and Subordinates.

 Universal Profile

Snapshot Goals - Manage

Enables user to manage their own goals, and others public goals, using the Goals widget and subpage within the Universal Profile - Snapshot page, for users within their permission constraints. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports.

Best Practice: For most users, this permission should be constrained by User Self and Subordinates.

Universal Profile

Snapshot Goals - View

Enables user to view their own goals, and others’ public goals, using the Goals widget and subpage within the Universal Profile - Snapshot page, for users within their permission constraints. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports.

Best Practice: For most users, this permission should be constrained by User Self and Subordinates.

Universal Profile
Snapshot - Leaderboard Enables user to view the Leaderboard widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission works in conjunction with the Snapshot Main - View permission. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Any user with this permission will always be able to view their own Leaderboard widget when the widget is enabled. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. Universal Profile
Snapshot - Peers Grants ability to view the Peers widget within the Universal Profile - Snapshot page. This permission can be constrained by OU, User's OU, User's Self and Subordinates, User, User's Self, User's Subordinates, and User's Direct Reports. This is an end user permission. Universal Profile
Snapshot - Reviews

Enables user to view the Reviews widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Best Practice: For most users, this permission should be constrained by User Self and Subordinates.

 Universal Profile
Snapshot Documents - View Grants ability to view the Documents widget and subpage within the Universal Profile - Snapshot page. This permission can be constrained by Employee Relationship, OU, User's OU, User's Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports. This is an end user permission. Universal Profile
Snapshot Folder Preferences - Manage Enables administrator to view the Folder Preferences Admin page and manage folder creation, access, and deletion for the Documents page within Universal Profile: Snapshot. This permission cannot be constrained. This is an administrator permission. Universal Profile
Snapshot Main - View Enables user to view the Snapshot page for users within their permission constraints. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. Universal Profile
Snapshot Preferences – Manage Enables administrator to access and edit the Snapshot Preferences page. This permission can be constrained by Employee Relationship, OU, and User's OU. This is an administrator permission. Universal Profile
Snapshot Succession – Manage Enables user to view the Succession widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. On this page, users can view and manage successors and successor ratings. Users cannot view their own Succession widget and subpage, regardless of permissions. This permission can be constrained by OU, User's Subordinates, User's Direct Subordinates, and Employee Relationship. Universal Profile
Snapshot Succession - View Enables user to view the Succession widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. On this page, users can view successors and successor ratings. Users cannot view their own Succession widget and subpage, regardless of permissions. This permission can be constrained by OU, User's Subordinates, User's Direct Subordinates, and Employee Relationship. For most users, this permission should be constrained by User Self and Subordinates. Universal Profile
Universal Profile Preferences - Manage Enables administrator to access and edit the Universal Profile General Preferences page. This permission can be constrained by OU and User's OU. This is an administrator permission. Universal Profile

Edge and Data Load Permissions

PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Data Load Wizard - Compensation Enables administrator to load compensation data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. Data Load Wizard
Data Load Wizard - Competency Bank Enables administrator to load competency bank data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. Data Load Wizard
Data Load Wizard - Data Load Queue Enables administrator to access the Data Load Queue screen, which displays all data loads, including current and past loads. Constraints can be applied to this permission. However, these constraints do not impact which data loads are visible to the administrator. This is an administrator permission. Data Load Wizard
Data Load Wizard - Feed Configuration: Compensation – Create Enables administrator to access the Feed Summary page in order to create and edit compensation data feeds. This is an administrator permission. Data Load Wizard
Data Load Wizard - Feed Configuration: Compensation – Run Feed Enables administrator to access the Feed Summary page in order to manually run a compensation data feed once it has been created. This is an administrator permission. Data Load Wizard
Data Load Wizard - Feed Configuration: Compensation - Save Enables administrator to access the Feed Summary page in order to view and edit compensation data feeds. This is an administrator permission. Data Load Wizard
Data Load Wizard - Group Data Load Enables administrator to load group data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This permission cannot be constrained. This is an administrator permission. Data Load Wizard
Data Load Wizard - Manage Templates Enables administrator to access the Manage Templates page within the Data Load Wizard. From the Manage Templates page, administrators can view, download, and archive templates. This permission cannot be constrained. This is an administrator permission. Data Load Wizard
Data Load Wizard - OUs Enables administrator to load OUs. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. Data Load Wizard
Data Load Wizard - Resume Enables administrator to load resume data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. Data Load Wizard
Data Load Wizard - Set User Password Enables administrator to set a default password for new users when loading users. This is an administrator permission. Data Load Wizard
Data Load Wizard - Track Data Loads Enables administrator to access the Track Data Loads page within the Data Load Wizard. From the Track Data Loads page, administrators can print and download error and archive logs. This permission cannot be constrained. This is an administrator permission. Data Load Wizard
Data Load Wizard - Users Enables administrator to load users. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. Data Load Wizard
Data Load Wizard - Enable User GUID Enables the GUID in the Data Load Wizard User Load and mapping template. This enables organizations to include the GUID as the primary key for user data loads. This permission cannot be constrained. Data Load Wizard
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Access Edge Bulk API History Grants access to the Bulk API History page, which displays all the loads that have been performed using the Bulk API. Administrators can select a load to view additional details of the load, including the results. This permission cannot be constrained. This is an administrator permission. Edge
Access Edge Bulk API

Grants ability to access and utilize the Bulk API. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Cost Center OU

Grants ability to use the Bulk API to load cost center organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Custom OU

Grants ability to use the Bulk API to load custom organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Division OU

Grants ability to use the Bulk API to load division organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Employee

Grants ability to use the Bulk API to load employee data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Grade OU

Grants ability to use the Bulk API to load grade organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Legal Entity OU

Grants ability to use the Bulk API to load legal entity organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Location OU

Grants ability to use the Bulk API to load location organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Position OU

Grants ability to use the Bulk API to load position organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Download Reports Access when portal opts-in for Restrict reports access - Edge Import

Grants ability to download Edge Import load details reports for loads performed by others.

Users who do not have this permission cannot download load import results for loads performed by others. In addition, users without this permission cannot load data for someone who has previously only validated their data.

This permission cannot be constrained. This is an administrator permission.

This permission is only available and applicable when the portal has enabled the restriction for Edge Import load details report access.

 Edge
Edge APIs - Manage Grants ability to manage Edge APIs on the API Management page. Edge
Edge Develop - API Explorer Grants access to the API Explorer, which provides access to help documentation for various API applications. Edge
Edge Endpoints - Create Secret Grants access to create the secret key for Edge Endpoints that are used with Webhooks. This permission can be constrained by OU and User. This is an administrator permission. Edge
Edge Endpoints - Manage Grants access to view, create, edit, and verify Edge Endpoints that are used with Webhooks. This permission can be constrained by OU and User. This is an administrator permission. Edge
Edge Integrations - Manage Grants access to the Integrations service for Edge Integrate where the administrator can configure, enable, and disable their third-party integrations that are used within the Cornerstone system. This permission cannot be constrained. This is an administrator permission. Edge
Edge Marketplace - Manage Grants access to the Marketplace service for Edge Integrate where the administrator can browse and purchase integrations that can be used to extend the Cornerstone system. This permission cannot be constrained. This is an administrator permission. Edge
Edge Webhooks - Manage Grants access to view, create, and edit Edge Webhooks. This permission can be constrained by OU and User. This is an administrator permission. Edge
Edge Webhooks - Start/Stop Grants access to start and stop Edge Webhooks. This permission can be constrained by OU and User. This is an administrator permission. Edge
Edge Webhooks - View Grants access to view Edge Webhooks. This permission can be constrained by OU and User. This is an administrator permission. Edge
Employee API - Edit

Grants ability to use the Employee API v2 to create and update users. This permission can be constrained by OU and User's OU. The constraints on this permission limit what data is accessible via the Employee API v2. This is an administrator permission.

This permission is only available when the Employee API v2 is enabled via Edge Marketplace.

 Edge
Employee API - View - Constrained

Grants ability to use the Employee API v2 to view employee data with constraints. This permission can be constrained by User, OU, and User's OU. The constraints on this permission limit what data is accessible via the Employee API v2. This is an administrator permission.

This permission is only available when the Employee API v2 is enabled via Edge Marketplace.

 Edge
Employee API - View

Grants ability to use the Employee API v2 to view employee data. This permission can be constrained by OU, and User's OU. The constraints on this permission limit what data is accessible via the Employee API v2. This is an administrator permission.

This permission is only available when the Employee API v2 is enabled via Edge Marketplace.

 Edge
External Job Application API: Manage Grants access to manage the Job Application API. This permission is automatically enabled upon enabling either the Cornerstone API bundle or the One-Click Apply with Stepstone integration. Only available if enabled by a backend setting. Edge
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Access Bulk API - LMS - Curriculum Transcripts

Grants ability to use the Bulk API to load curriculum transcript data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Curriculum

Grants ability to use the Bulk API to load curriculum learning object and structure data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Events

Grants ability to use the Bulk API to load event learning object data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - External Training Transcripts

Grants ability to use the Bulk API to load external training transcript data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - ILT Transcripts

Grants ability to use the Bulk API to load instructor-led training (ILT) transcript data, session transcript custom fields data, and event transcript custom fields data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - LO Availability Grants access to the LO Availability load in the Bulk API. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Bulk API - LMS - Material Transcripts

Grants ability to use the Bulk API to load material transcript data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Material

Grants ability to use the Bulk API to load material learning object data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Online Course

Grants ability to use the Bulk API to load online course learning object data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Online Transcripts

Grants ability to use the Bulk API to load online transcripts data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Session Parts

Grants ability to use the Bulk API to load session parts data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Sessions

Grants ability to use the Bulk API to load event session data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Test Mapping

Grants ability to use the Bulk API to load test mapping data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Test Transcripts

Grants ability to use the Bulk API to load test transcript data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Test

Grants ability to use the Bulk API to load test learning object data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Video Transcripts

Grants ability to use the Bulk API to load video transcript data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Video

Grants ability to use the Bulk API to load video learning object data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access CHR - Employee Load Grants access to the Cornerstone HR (CHR) employee data load via Edge Import. This permission and data load type are only available to organizations using CHR. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Grants access to the Edge Import tool, which enables administrators to load data into their portal. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Cost Center Grants access to the Cost Center organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Custom OU Grants access to the Custom organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Division Grants access to the Division organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Grade Grants access to the Grade organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Group Grants access to the Group organizational unit and Group Membership data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Legal Entity Grants access to the Legal Entity organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Location Grants access to the Location organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Position Grants access to the Position organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Curriculum Load

Grants ability to access load reports and perform Curriculum load and Curriculum Structure loads via Edge Import. This permission cannot be constrained. This is an administrator permission.

 Edge Import
Access LMS - Curriculum Transcripts Load Grants access to the Curriculum Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Certification Transcript Update Load Grants access to the Certification Transcript Update data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Evaluation Question Bank Load Grants access to the Evaluation Question Bank data load via Edge Import. This load type allows customers to create new evaluation questions and update existing evaluation questions, which can be used in Evaluation Administration when creating evaluations. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Events Load Grants access to the Events data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - External Training Load Grants access to the External Training data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Facilities Load Grants access to the Facilities data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - ILT Instructors Load Grants access to the ILT Instructors data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - ILT Transcripts Load Grants access to the ILT Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Learning Object Equivalencies Load Grants access to the Learning Object (LO) Equivalencies data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - LO Availability Feed Grants access to the LO (Learning Object) Availability data feed via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - LO Availability Load Grants access to the LO (Learning Object) Availability data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Material Transcripts Load Grants access to the Material Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - OLCO Metadata Feed Grants access to the Online Content Metadata data feed via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - OLCO Metadata Load Grants access to the Online Content Metadata data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - OLCO Transcript Feed Grants access to the Online Content Transcript and Online Content Transcript Custom Field data feed via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - OLCO Transcript Load Grants access to the Online Content Transcript and Online Content Transcript Custom Field data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Online Course Assets Load Grants access to the Online Course Assets data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Online Course Metadata Load Grants access to the Online Course Metadata data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Online Transcripts Load Grants access to the Online Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Providers Load Grants access to the Providers data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Question Category Load Grants access to the Question Category data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Question Load Grants access to the Question data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Session Parts Load Grants access to the Session Parts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Sessions Load Grants access to the Sessions data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Subjects Load Grants access to the Subjects data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Test Mapping Load Grants access to the Test Mapping data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Test Transcripts Load Grants access to the Test Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Tests Load Grants access to the Tests data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Video Transcripts Load Grants access to the Video Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Videos Load Grants access to the Videos data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access REC - Requisition Template Load Grants access to the Requisition Template load for Recruiting via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Create/Update Configurations Grants ability to create and update Edge Import configurations. This permission cannot be constrained. This is an administrator permission. Edge Import
Delete Configurations Grants ability to delete Edge Import configurations. Users with this permission can delete configurations created by anyone for all types of data imports. This permission cannot be constrained. This is an administrator permission. Edge Import
Delete Feeds Grants ability to delete disabled Edge Import feeds. Users with this permission can delete disabled feeds created by anyone for all types of data feeds. This permission cannot be constrained. This is an administrator permission. Edge Import
Disable Data Load Wizard

Grants access to the Disable DLW tab within the DLW Migration tool. From the Disable DLW tab, administrators can disable Data Load Wizard for the portal. This permission cannot be constrained. This is an administrator permission.

Important: Disabling a DLW type is a permanent action, and it cannot be undone. It is important to only disable a DLW type once you have fully migrated to the corresponding loads and feeds in Edge Import.

Edge Import
Edge Import - Employee Load Constrained This permission enables organizations to constrain an administrator's ability to load employee data. Administrators can only load employee data if the employee is within the constraints on this permission. This permission can be constrained by OU. This is an administrator permission. Edge Import
Edge Import - Load Employee Salary Grants access to the employee salary data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Edge Import - Load Individual Target Grants access to the individual target load for Compensation via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Edge Import - Load Review Scores and PDFs Grants access to load performance review scores and PDFs via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Edge Import - Load Salary Structures Grants access to the salary structure load for Compensation via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Edge Import - User Goal Load Grants access to the User Goal Load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import

Reporting Permissions

The granular model uses the Reporting 2.0 permissions to allow you to create more specific reports by report field. For this reason, permissions are at more of a granular level with this functionality.

The permissions are broken down by the main product level permission, section level, and then at the field level. For example, if you wanted to report on Instructor Led Training (ILT) in the system, you would need:

  • The Reporting - Manage permission to create reports.
  • The Reporting - View permission to preview reports and view reports.
  • The top-level product specific permission to create reports related to that product.
    • e.g. Reporting - Learning - Manage
  • The section specific permission to create reports for that feature within the product.
    • e.g. Reporting - Learning - ILT - Manage
  • The field level permissions to be able to create reports with the specific fields for that feature within the product.
    • e.g. Reporting - Learning - ILT - ILT Facility - Manage

If a user does not have each level of permission, then they may not have access to the report builder, or the section may not be visible, or the fields within the section may not be visible. Also, if a user does not have the top-level product permission, then none of the fields for that product will be visible, such as the fields for LMS reports.

The power of this granularity of permissions is that you can give access to as many or as few fields as necessary for your users. For example, you may give users access to the User section but not give them access to the User Identifier section if that contains sensitive data for your portal.

If a user has all relevant permissions, but the backend setting for a particular area is set to FALSE, any fields related to that section will still appear blank in a report. An example where this could occur is SCORM 2004 quiz data.

Note: When a user has a top-level, section, or field level permission, it is not necessary to also assign the Reporting - Manage or Reporting - View permissions since the more granular product specific permissions will give the user access to Reporting 2.0.

Note: Due to sensitivity, users who need to report on Gender, Ethnicity and Grade information, would need the following permissions in addition to the reporting permissions:

  • For Gender: User Upload - Gender
  • For Ethnicity: User Upload - Ethnicity
  • For Grades: View Grades

List of Permissions

For the full list of permissions and their relationships, see the permissions spreadsheet.

The Reporting - Apply Owner Constraints permission grants the ability to turn on the Apply Owner Constraints setting for reports in the Report Properties panel. This setting affects shared users, delivery, and reports published to dashboards.

When the setting is enabled, the report owner's constraints are applied to the report, and users that run the report will see the report with the report owner's constraints instead of their own. For reports published to dashboards the owner constraints are only applied if the underlying report is also shared with the user. If just the dashboard is shared, but not the report itself, the users own constraints are applied even though the toggle is set to apply owner constraints.

Due to the possibility of unintended user data becoming visible to a user viewing a report with the report owner's constraints, it is recommended that filters be added to the report to restrict data visibility. It is also recommended that the report owner test the report prior to sharing to ensure the data visibility is appropriate and intended.

The Reporting - Download permission grants users the ability to download Reporting 2.0 reports. This permission cannot be constrained; however, when users download a report, any Reporting - View constraints are applied. Users with the permission see the download option on the Report Home and the Report Viewer.

For clients that have already opted in and previously activated Reporting 2.0, this new permission is added automatically to the System Administrator role and to any security role that currently has at least one Reporting - View permission.

For clients that are opting in and activating Reporting 2.0 for the first time with the August ’18 Release, this new permission is available to administrators in the System Administrator role who can then add the permission to other roles at their discretion. Users without this permission will not see any download options in the Report Home or the while Viewing Reporting 2.0 reports.

The Reporting - Email Delivery permission grants the ability to deliver reports in Reporting 2.0. Users must also have permission to view reports. The permission can be used in conjunction with the various product, section, and field level permissions. Users must have permission to view Reporting 2.0 in order to have access to a report that is delivered to them. If they do not have view access, then the Reporting 2.0 navigation sublink will not display for them.

Users who have permission to manage Reporting 2.0 can edit a report that is delivered to them. They can also copy the delivered report.

The following constraints are available for this permission:

  • OU
  • User’s OU
  • User Self and Subordinates
  • User
  • User's Self
  • User's Manager
  • User's Superiors
  • User’s Subordinates
  • User’s Direct Subordinates
  • Employee Relationship

The Reporting - FTP Delivery permission grants the ability to schedule delivery of Reporting 2.0 reports to an FTP directory. This permission cannot be constrained.

This permission is used in conjunction with the view permission for Reporting 2.0 and can also be used in conjunction with the various product, section, and field level permissions. Users must have permission to view Reporting 2.0 in order to have access to a report that is delivered to them. If they do not have view access, then the Reporting 2.0 navigation sublink will not display for them.

Users who have permission to manage Reporting 2.0 can edit a report that is delivered to them. They can also copy the delivered report.

The Reporting - Manage Global Calculated Fields permission grants the ability to publish calculated fields to all users. This permission cannot be constrained.

Note: Calculated fields can be created by all users who have permission to create reports in Reporting 2.0. However, in order to publish the calculated field globally, a user needs permission to manage global calculated fields.

The Reporting - Recruiting - Custom Integrations - Manage permission grants access to build and manage reports in the Custom Integrations section. This permission cannot be constrained.

The Reporting - Recruiting - Custom Integrations - View permission grants access to view the Custom Integrations section in reporting. This permission cannot be constrained.

The option for sharing reports is only visible to users who have the Reporting - Share permission. Users without the permission can still receive shared reports, but constraints (for other permissions, such as Reporting - Core permissions) will be respected. For example, if you share a report that contains data around Location A and the user receiving the report is constrained to only see data for Location B, the report would not contain any records.

The following constraints are available for this permission:

  • OU
  • User’s OU
  • User Self and Subordinates
  • User’s Direct Report
  • User
  • User's Self
  • User's Manager
  • User's Superiors
  • User’s Subordinates
  • User’s Direct Subordinates
  • Relationship

The Reporting - System Templates permission grants users the ability to use all system templates. System templates are available for generating certain Learning, Core, and Performance data.

This permission works in conjunction with other Reporting 2.0 permissions. For example, users without the Reporting - Learning - View permission will not see any templates for Learning.

This permission is automatically added to the Cornerstone Administrator and System Administrator security roles in all portals that have self-enabled Reporting 2.0.

Sharing Reports Created with a System Template

When you share a report that was created using a template, the shared users will be able to view the report without needing to be granted the Reporting - System Templates permission. The permission is only needed for administrators who should distribute templates to their users.

Permission Constraints

Constraints exist at the section level for permissions. The following constraints are available:

  • OU
  • User’s OU
  • User Self and Subordinates
  • User’s Direct Report
  • User
  • Learning-specific constraints:
    • Provider
    • Training Item
    • Training Type
  • Requisition-specific constraints:
    • User's Division
    • User's Position
    • User's Location
    • Division
    • Position
    • Location

Note: Constraints are applied differently for Recruiting reports. Multiple criteria for the same OU type use the OR logic (e.g., only constraints for Location OU), while inter-OU type criteria use AND logic (e.g., a constraint for Location OU and a constraint for Division OU).

For all other reports, the regular constraint logic is applied. See this Knowledge Article for more details about the general constraint logic: https://csod-external.force.com/supportcentral/s/article/Several-constraints-added-to-permission-work-as-OR-statements.

PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Dashboard - Create Grants the ability to create a dashboard of one or more graphical standard reports and/or charts that can be saved and refreshed at-will to update the results on an ongoing basis. User must also have permission for at least one of the standard reports that are designated for use in dashboards, or for a Reporting 2.0 report with chart that has been published to Dashboards. If a user does not have permission to view a report type, the user cannot add that report type to the dashboard. Reports - Dashboards
Dashboard - Share Grants the ability to share a dashboard created by self with other users within the portal who may then view and refresh the results of the dashboard at-will. This permission works in conjunction with the Create Dashboard permission. Reports - Dashboards
Dashboard - View

Grants the ability to view dashboards created by self or shared by others. User must also have permission to view the standard, custom or Reporting 2.0 reports that are included in any shared dashboards. If a user does not have permission to view a report type, the user cannot view that report type within the dashboard. This is an end user permission.

 Reports - Dashboards
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Average Competency Rating Report Grants access to Average Competency Rating Report, which displays average competency ratings in columns, by user for a particular competency assessment task. Reports - Performance
Competency Assessment Freeform Question Report Grants access to Assessment Freeform Question report, which reports on responses to freeform questions from within a competency assessment tasks. Reports - Performance
Competency Assessment Gap Analysis Report Grants access to Competency Assessment Gap Analysis Report, which displays an aggregate gap analysis of each competency in an assessment for a group of users. This permission can be constrained by OU and User's OU. Reports - Performance
Competency Assessment Response Report Grants access to Competency Assessment Response Report, which displays the percentage breakdown of responses per item/behavior within a competency assessment. Reports - Performance
Competency Assessment Score Comparison Report Grants access to Assessment Score Comparison Report, which displays the percentage breakdown of competency assessment responses by item/behavior. This permission can be constrained by User Self and Subordinates. Reports - Performance
Development Plan Exception Report Grants access to the Development Plan Exception report, which displays all users who do not have an active approved development plan within a specific time period. Reports - Performance
Development Plan Group Details Report Grants access to Development Plan Group Details report, which displays the details of each development plan for a selected group of users that fall within a specific time period. Reports - Performance
Development Plan Status Report Grants access to the Development Plan Status report, which summarizes the status of all development plans for specific users during a specific time period. Reports - Performance
Employee Competency Current Ratings Report Grants access to Employee Competency Current Ratings Report, which displays current competency ratings from the user's resume or competency assessment, whichever is more recent. Reports - Performance
Employee Peers Report Grants access to Employee Peers Report, which displays approved peers for any group of users in the organization. Reports - Performance
Enterprise Competencies Report Grants access to Enterprise Competencies Report, which allows comparison of average competency scores of two groups of users. This permission can be constrained by User Self and Subordinates. Reports - Performance
Goal Details Report Grants access to Goal Details Report, which displays the details of each goal a user owns that fall within a specific time period. This permission can be constrained by OU, User's OU, and User Self and Subordinates. Reports - Performance
Goal Exception Report Grants access to Goal Exception Report, which displays all users who do not have an active approved goal within a specific time period. This permission can be constrained by OU, User's OU, and User Self and Subordinates. Reports - Performance
Goal Hierarchy Report Grants access to Goal Hierarchy Report, which displays a visual representation of the full hierarchy for a specified user's goals. Reports - Performance
Goal Progress Report Grants access to Goal Progress Report, which summarizes the progress of all goals for specific users during a specific time period. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. Reports - Performance
Goal Status Report Grants access to the Goal Status Report, which summarizes the status of all goals for specific users during a specified date range. Reports - Performance
Goal Target Report Grants access to the Goal Target report, which summarizes all goal targets for specific users during a specific time period, regardless of the goal to which they belong. This report can be run on multiple users, but is always grouped by user. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. Reports - Performance
Goal Tasks Summary Report Grants access to Goal Tasks Summary Report, which summarizes all goal tasks for specific users during a specific time period, regardless of the goal to which each task belongs. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. Reports - Performance
Individual Competency Ratings Analysis Report Grants access to Individual Competency Ratings Analysis Report, which displays assessment results in detail for one or more users. This permission can be constrained by User Self and Subordinates, OU, and User's OU. Reports - Performance
Observation Checklist Comments Report Grants access to Observation Checklist Notes report, which displays notes made on observation checklists. This permission can be constrained by User Self and Subordinates, OU, User’s OU, and User. Reports - Performance
Observation Checklist Report Grants access to the Observation Checklist report, which enables administrators to report on Observation Checklist data. This permission can be constrained by User Self and Subordinates, OU, User’s OU, and User. Reports - Performance
Performance - Task User Status Grants access to Task User Status Report. This permission can be constrained by OU, User's OU, User's Self and Subordinates, and User. Reports - Performance
Performance Review Details Report Grants access to Performance Review Group Details report, which can display multiple performance reviews for the same user within a given time range, all in a single PDF output. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, and User's Subordinates. Reports - Performance
Performance Review Distribution Report Grants access to Performance Review Distribution Report, which provides a graphical representation of the distribution of ratings for a given performance review task. This permission can be constrained by OU, User's OU, User's Self and Subordinates, and User's Subordinates. Reports - Performance
Performance Review Report Grants access to Performance Review report, which allows display and printing of a specific performance review for one user at a time. The constraints on this permission also determine for which users the administrator can print the review task PDF and review attachments when viewing the performance review task details. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. Reports - Performance
Performance Review Rating Report Grants access to Performance Review Rating Report, which displays performance review task overall and section ratings for multiple users. This permission can be constrained by OU, User's OU, User's Self and Subordinates, User, and User's Subordinates. Reports - Performance
Performance Review Section Rating Comparison Report Grants access to Performance Review Section Rating Comparison Report, which displays individual question ratings for a review section of a performance review task for a group of users. This permission can be constrained by OU, User's OU, and User's Subordinates. Reports - Performance
Performance Review Step Status Report Grants access to Performance Review Step Status Report, which displays the status of review steps within a performance review task. This permission can be constrained by OU, User's OU, User's Direct Reports, and User Self and Subordinates. The permission constraints determine which users are available within the report. Note: If the user's permission is also constrained by User Self and Subordinates, then this overrides the User's Direct Reports constraint. Reports - Performance
Skills Matrix Report Grants access to Skills Matrix Report, which displays an aggregate gap analysis of each competency in an assessment for a group of users. This permission can be constrained by OU, User's OU, and User Self and Subordinates. Reports - Performance
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Dashboards Details Report Grants access to view the Dashboards Details Report, which displays details related to the dashboards in their portal, such as the dashboard creator and with whom the dashboard is shared. This permission cannot be constrained. This is an administrator permission. Reports - System
Groups Criteria Report Grants access to the Group Criteria Report, which enables organizations to retrieve the criteria defined for one or more groups in their portal. This permission cannot be constrained. Reports - System
Login Report Grants access to the Login Report, which enables organizations to report on which users have logged in to the portal and when. This permission cannot be constrained. Reports - System
OU Audit Report Grants access to OU Audit report, which displays audit information for changes made to organizational units. This permission can be constrained by OU, User's OU, and User's Corporation. Reports - System
OU Hierarchy Report Grants access to OU Hierarchy Report, which displays details of each organizational unit for a selected OU type. Reports - System
Proxy as User Report Grants access to the Proxy as User Report, which enables organizations to report on which users have logged in to the portal and when. This permission cannot be constrained. Reports - System
Reporting 2.0 Delivery Log Grants access to view the Reporting 2.0 Delivery Log, which displays user-level information about deliveries for your Reporting 2.0 Reports. Reports - System
Reporting 2.0 Report Details

Grants access to view the Reporting 2.0 Report Details, which displays information about the Reporting 2.0 reports created and ran.

The Reporting 2.0 Report Details permission can be constrained by OU and User constraints. The constraints apply to the recipient user.

The Reporting 2.0 Report Details permission will be assigned to the Cornerstone Administrator and System Administrator roles by default.

 Reports - System
Security Role Report Grants access to view the User Roles, Permission and Constraints Report, which displays user level information about roles, permissions and constraints. This permission cannot be constrained. Reports - System
Security Role - Audit Report Grants access to the Security Role - Audit Report, which enables organizations to report on which users have been assigned to which security roles and the security role modification history. This permission cannot be constrained. Reports - System
Security Role - User Permission Report Grants access to the Security Role - User Permission Report, which enables organizations to report on the roles assigned to a user and the permissions and constraints associated with those roles. This permission cannot be constrained. Reports - System
User Audit Report - Detailed Grants access to the User Audit standard report, which displays detailed changes to user data. Users with this permission must also have permission to view user fields in other areas of the system. The users and fields available in this report are controlled by additional permissions. This permission can be constrained by OU, User's OU, User's Subordinates, User's Direct Subordinates, User's Self, User Self and Subordinates, User, and Employee Relationship. The constraints on this permission limit the users and OUs that are available when running the report. This is an administrator permission. Reports - System
User Record as of a Date Grants access to run the User Record as of a Date report, which displays user data as of a specified effective date. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. The constraints on this permission limit the users and OUs that are available when running the report. Also, the constraints are based on the data as of the effective date of the report. This is an administrator permission. Reports - System
User Record Audit Report Grants access to User Record Audit report, which displays user record modification history. The selected constraints function independently and are then combined to determine the availability for this report. Reports - System
User's OUs and Groups Report Grants access to User's OUs & Groups Report, which lists all of the OUs and Groups to which a user belongs, and can include OUs and Groups to which a user has belonged in the past. Reports - System
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Employee Transcripts - Manager/Approver Access

Grants access to transcript (training record) screen of those for whom user is designated manager, approver or cost center approver. System administrators can access all user transcripts from this page. Link to this screen appears under Standard Reports/Track Employees. This is a manager/approver permission. This permission can be constrained by Employee Relationship and User's Direct Subordinates.

Note: The Employee Relationship constraint allows administrators to constrain the permission to a user’s custom employee relationship. For example, an administrator can select to restrict the Matrix Manager relationship to viewing user data for users who have that Matrix Manager indicated on their user record.

Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint.

Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Reports - Track Employee
Form Management Status Report Grants access to Form Management Status report, which displays form task status summary by user. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Reports - Track Employee
ILT No Show Report - Manager Version Grants access to manager version of the ILT No Show Report, which displays attendance summaries and lists of subordinates who were registered for but did not attend any parts of instructor led training sessions. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Reports - Track Employee
ILT Session Withdrawal Report - Manager Version

Grants access to Session Withdrawal report for subordinates of the user. The report displays subordinates who registered and later withdrew their registration, including reasons for withdrawal. This is a manager report. This permission can be constrained by Employee Relationship and User's Direct Subordinates.

Note: The Employee Relationship constraint allows administrators to constrain the permission to a user’s custom employee relationship. For example, an administrator can select to restrict the Matrix Manager relationship to viewing user data for users who have that Matrix Manager indicated on their user record.

Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint.

Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Reports - Track Employee
Past Training Requests Report

Grants access to Past Requests, an interactive report that displays training requests the user has already approved, deferred, or denied. The user may change the approval decision for training that an employee has not yet registered for. This is an approver permission.

Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Reports - Track Employee
Track Employees - Employee Records

Grants access to Employee Records, enabling manager to view basic user and transcript data for a single direct or indirect report. This is a manager permission. This permission can be constrained by User's Direct Subordinates.

Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint.

Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Reports - Track Employee
Track Employees - Past Due Report Grants access to Employee Past Due report, which displays past due training for subordinate employees (system administrators see all employees). This is a manager report. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Reports - Track Employee
Track Employees - Training Progress Pie Chart

Grants access to Employee Training Progress Summary Report, a pie chart report that displays transcript status on a single learning object for a manager's direct reports. This is a manager permission. This permission can be constrained by Employee Relationship and User's Direct Subordinates.

Note: The Employee Relationship constraint allows administrators to constrain the permission to a user’s custom employee relationship. For example, an administrator can select to restrict the Matrix Manager relationship to viewing user data for users who have that Matrix Manager indicated on their user record.

Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint.

Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Reports - Track Employee
Track Employees - Training Status Summary Report

Grants access to Employee Training Status Summary Report, which displays transcript status of all training for a manager's direct reports, and allows the manager to view the transcript details for any learning object listed on the report. This is a manager permission. This permission can be constrained by Employee Relationship and User's Direct Subordinates.

Note: The Employee Relationship constraint allows administrators to constrain the permission to a user’s custom employee relationship. For example, an administrator can select to restrict the Matrix Manager relationship to viewing user data for users who have that Matrix Manager indicated on their user record.

Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint.

Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Reports - Track Employee

Additional Permissions

A full list of all permissions is also available. See Security Permissions.