Permissions for Cornerstone HR

This page contains permissions that may apply to organizations using the Cornerstone HR solution.

PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Benchmark Total Access This permission provides total access to the Benchmark metrics and functionality. Benchmark - Administration

 

PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Access FTP Account - View Grants access to the FTP account landing page where the available accounts are displayed. Currently, this permission cannot be constrained. Core Administration
Access Partner Authorization - Manage Grants ability to manage partner authorized access to portal via Partner Access Administration. This permission cannot be constrained. This is an administrator permission. Core Administration
Announcements - Post Grants ability to view, create and update/edit announcements that will appear to populations of users via the Welcome Page Inbox widget or Announcements page. This is an administrator permission. Core
Announcements - View Grants ability to view announcements created by others, via the Welcome Page Inbox widget or the Announcements page. This is an end user permission. Core
Authentication Preferences - Manage Grants ability to configure which credentials are used for authentication/re-authentication purposes throughout the system. This permission works in conjunction with the preferences that are set within each workflow that uses authentication/re-authentication. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Available Languages - Modify Grants access to choose what languages to which learning objects may be associated when users search for training. This is an administrator permission. Core Administration
Badge & Point Preferences - Manage Enables user to access and edit preferences on the Badge & Point Preferences page. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration.
Batch Edit Users Grants ability to modify user records in bulk. This permission cannot be constrained. This is an administrator permission. Core Administration
Bypass IP Security Controls Grants ability to bypass defined IP Security restrictions, allowing user to log in to the portal from IP addresses that are not authorized via the IP Whitelist screen. This is an administrator permission recommended only for system administrators. Core Administration
Capabilities - Capability Models Library - Edit Grants ability to access the Capability Models Library and create, edit, and copy Capability Models. This permission cannot be constrained. This is an administrator permission. Core Administration
Capabilities - Capability Models Library - Manage Grants ability to access the Capability Models Library and create, edit, copy, and deactivate Capability Models. This permission cannot be constrained. This is an administrator permission. Core Administration
Capabilities - Skills Library Builder Grants ability to import relevant Cornerstone Skills Graph skills based on user profile data and generate skill suggestions via the Skills Library Builder page. This permission cannot be constrained. This is an administrator permission. Core Administration
Capabilities - Skills Profile - View

Grants ability to view an employee Skills Profile. Users who have this permission may view the Skills Profile for anyone in the organization. However, individual ratings have privacy settings that control visibility within the Skills Profile. This permission cannot be constrained. This is an end user permission.

 Core Administration
Capabilities - Skills Quick Start Wizard - Manage Grants access to the Skills Quick Start Wizard administrator experience which help administrators configure and deploy skills within their organization. This permission cannot be constrained. This is an administrator permission. Core Administration
Capability Library - Edit Grants ability to create, edit, and copy capabilities via the Capability Library. Administrators with this permission cannot delete capabilities or change the status of a capability. This permission cannot be constrained. This is an administrator permission. Core Administration
Capability Library - Manage Grants ability to create, edit, copy, delete, import, and approve capabilities via the Capability Library. This permission cannot be constrained. This is an administrator permission. Core Administration
Capability Preferences - Manage Grants ability to create and edit expertise levels and rating scales for capabilities via Capabilities Preferences. This permission cannot be constrained. This is an administrator permission. Core Administration
Care ? Community Grants access to the Success Center link in Navigation Tabs and Links. This page enables administrators to use Single Sign On (SSO) to access the Success Center directly from their portal. This is an administrator permission. Core Administration
Change User Passwords - Administrator Grants ability to change the portal password of another user. This permission works in conjunction with the Users - View permission. This permission can be constrained by User's Corporation, OU, User's OU, User's Self and Subordinates, and User. This is an administrator permission. Core Administration
Connect FTP Folders - Manage Grants ability to connect to an FTP folder from the FTP Account Access page. This permission can be constrained by FTP Account. When constraining this permission, administrators can select any FTP account that has been associated with the portal. The constraints on this permission determine to which FTP accounts the administrator can connect. This is an administrator permission. Core
Corporate Logo List - View Grants access to select header logo from the corporate list of images. User must also have Display Preference permission. This is an administrator permission. Core Administration
Corporate Preferences - Manage Grants ability to manage Corporate Preferences, which includes several portal-wide settings. This is an administrator permission. Core Administration
Corporate Preferences: Lockout Preferences - Manage Grants ability to configure the Lockout Preferences on the Corporate Preferences page. This permission cannot be constrained. This is an administrator permission. Core Administration
Custom Login Page - Manage Grants access to create and edit custom login pages for the portal. Administrators with this permission can also enable or disable a custom login page and identify the default login page. This permission cannot be constrained. This is an administrator permission. Core Administration
Custom Pages - Manage Grants access to create and edit custom pages for the portal. This permission cannot be constrained. This is an administrator permission. Core Administration
Deep Link: Base URL Control Allows administrator to define the Base URL for all SSO module links. This is an administrator permission. Core Administration
Deep Link: Manage Allows administrator to define the Base URL for all SSO module links. This permission cannot be constrained. This is an administrator permission. Core Administration
Deep Link: View Modules Allows administrator to view the deep links URLs. This is an administrator permission. Core Administration
Define Fiscal Year Grants ability to set the fiscal year for aggregating annual training hours completed by users for display on the transcript page. This is an administrator permission. Core Administration
Display Preferences - Manage Grants ability to configure Display Preferences, including Navigation Tab theme and settings and header logo displayed to end users. This is an administrator permission. Core Administration
Display Preferences - Upload Logo Grants access to upload an image on the Display Preference Page. User must also have Display Preference permission. This is an administrator permission. Core Administration
Duplicate User Management Preferences - Manage Grants ability to access and configure management of duplicate records, including parameters used to prevent duplicates. This permission cannot be constrained. This is an administrator permission. Core Administration
Email - Edit From Address Grants ability to edit the "from" address when creating or modifying an email trigger. In addition, the Allow user to change email address option must be selected in Email Preferences. This permission works in conjunction with the Global Email Administration - Manage permission. This is an administrator permission. Core Administration
Email Preferences - Manage Grants ability to manage Email Preferences, which includes defining end users' ability to change their email address and the associated email notifications when emails are changed. This is an administrator permission. Core Administration
Employee Recognition Preferences - Manage Grants ability to create and edit employee recognition awards for use by end users. This is an administrator permission. Core Administration
Form Completion - View and Edit OU and Employee Relation Fields Allow users to view and modify organizational unit (OU) and employee relation fields when completing a form that contains the fields. The constraints on this permission determine which fields the user can view and edit when completing a form. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, and User Subordinates. This is an end user permission. Core
Global Email Administration - Manage Grants ability to manage email trigger templates across all active modules in the portal. Enables creating, editing and deleting email message templates for various system actions and workflows. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Global Email Administration - View Grants view only access to email templates/triggers and email logs at the global level for the portal. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Global Search - People

Grants ability to search for people via Global Search. If this permission is constrained to a specific OU, then that constraint is automatically applied within Global Search, including search filters and search results. This is an end user permission. The availability of this permission is controlled by a backend setting.

Note: In Universal Profile > Bio > Career Preferences, this permission is required for users to search for jobs.

Core
Global Search Preferences - Manage Grants ability to configure Global Search Preferences. This is an administrator permission. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU and User's OU. By default, this permission is constrained to the organization. Core Administration
Grades - View Grants ability to view the Grade Organizational Unit throughout the system, such as in availability drop down selectors, when editing users, etc. Those without this permission do not see the Grade OU on any screen. This is primarily an administrator permission, although organizational policy should determine whether the Grade OU should be visible to end users on reporting screens, etc. Core Administration
Grant Employee Recognition Enables users to grant recognition awards to others, using a predefined list of awards created by administrators. This is an end user permission. Core
Help Link - Manager Provides access to view the User and Manager topics in online help. This is a manager permission. Core
Help Link - System Administrator Provides access to view the User, Manager and System Administrator topics in online help. This is an administrator permission. Core
Help Link - User Provides access to view the End User topics in online help. This is an end user permission. Core
Insights Dashboard Allows user to access Insights Dashboard. This permission cannot be constrained. Core
Language Preferences - Manage Grants ability to set default language for portal/OU and set whether end users may adjust their own portal display language. This is an administrator permission. Core Administration
Log In Message - Manage Grants access to create a message that appears upon portal login to all users or a selected group/subset of users. This is an administrator permission. This permission can be constrained by OU and User's OU. Core Administration
Marketing Email Templates - Manage Grants ability to create and save Marketing Email Templates, which can be reused to send future marketing email messages to users. This is an administrator permission. Core Administration
Marketing Emails - Manage Grants ability to create and send ad hoc emails to populations of users based on their assigned org units, groups, or by user name. This is an administrator permission. Core Administration
My Account - Manage Allow users to view and modify their preferences on the My Account screen. The user must have this permission to access My Account. This permission cannot be constrained. This is an end user permission. Core
My Account Devices - Manage Manage device registrations from My Account. This permission cannot be constrained. This is an end user permission. Core
My Account Preferences - Manage Grants access to the My Account Preferences page, which allows selection of which custom fields display in My Account by OU. Define whether custom fields appear as read only or are editable, and whether entry is required. Also provides ability to customize the names of the tabs that appear in My Account. This is an administrator permission. Core Administration
My Account Social - Manage Grants ability to view and manage third party profile connections on the Social page in My Account. This is an end user permission. Core
MyTeam - Print Grants ability to configure and print out a My Team profile. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Core
MyTeam Comments - Manage Grants ability for manager (or others depending on constraints) to view Comments previously entered about their direct and indirect reports and also create new comments as well as attach files to comments. This permission can be constrained by OU, User's OU, User's Direct Reports, User, and User Self and Subordinates. The permission constraints determine for which users the Comments tab is available when viewing a user in My Team. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Note: If the user's permission is also constrained by User Self and Subordinates, then this overrides the User's Direct Reports constraint. Core
MyTeam Search by OU Grants ability to allow users to search by division and position when viewing MyTeam. The constraints upon this permission determine the OUs that are available within the search. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Core
My Team/Talent Profile Preferences Grants ability to set display preferences for the My Team and Talent Profile screens. This permission cannot be constrained. This is an administrator permission. Core Administration
Navigation Tabs and Links - Manage Grants ability to manage Navigation Tabs and Links for the portal. This permission can be constrained by OU, User's OU, and User's Corporation. This is an administrator permission. Core Administration
Organizational Unit Custom Fields - Manage Grant Access to create and edit custom fields for Org Units. This is an administrator permission. Core Administration
Org Chart - Preferences

Grants access to the Org Chart Preferences page. This permission cannot be constrained.

 Core
Org Chart - View Grants access to the new Org Chart page for organizations with Cornerstone HR, Succession, or View. This permission can be constrained by OU, User’s OU, Users, User’s Self, User Self and Subordinates, User’s Manager, User’s Superiors, Employee Relationship, User’s Direct Subordinates, User's Subordinates. Core
Org Chart by Organization - View

Grants access to the Organization tab on the new Org Chart page. This permission cannot be constrained. This permission works in conjunction with the Org Chart - View permission. For users who do not have this permission, the Organization tab will not be available.

Note: This permission pertains to the new Org Chart functionality that is released with the February '17 release. The new Org Chart functionality is only available for organizations with Cornerstone HR, Succession, or View.

Core
OU Group - Manage Grants ability to create, copy, and update/edit custom groups of users without allowing ability to manage org units. This permission can be constrained by OU, User's OU, and Provider. This is an administrator permission. Core Administration
OU Group - Update Grants access to edit existing custom groups of users. This permission can be constrained by OU, User's OU, and Provider. This is an administrator permission. Core Administration
OU Group - View Grants access to view existing custom groups. This permission can be constrained by OU. This is an administrator permission. Core Administration
OU Hierarchy - Manage Grants ability to create and update/edit organizational units. This permission grants access to all OU types, both standard and custom. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Password Preferences - Manage Grants ability to manage Password Preferences, which includes specifying the settings for users to change their own password, or for the system to generate an anonymous password, set the specific password requirements and allowing users to reset password by answering security questions. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Prevent Duplicate Users - Reconcile Grants ability to view user accounts that have been identified as potential duplicates. Administrators can only view pending user records that were created by administrators who are within the constraints on this permission. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Proxy as User Grants ability to log in as another user via proxy, for purposes of troubleshooting user issues. This is an administrator permission. The users to which the administrator has access to log in as is controlled by the users to which the administrator has access on the Users page and by the constraints upon this permission. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. By default, this functionality is not available for any users, including administrators. To request this permission, contact Global Customer Support. Core Administration
Report Delivery Preferences Provides access to report delivery preferences, which enables administrators to set the preferences related to custom report delivery. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Reset Password and Public Keys - Manage Grants ability to manage FTP account login password and public keys when applicable. Currently, this permission cannot be constrained. Core Administration
Security Administration - General Constraints Grants access to apply general constraints to permissions when creating/editing a security role. This permission works in conjunction with the Security Administration - Manager permission. This is an administrator permission. Core Administration
Security Administration - Manage Grants ability to create, modify and constrain security roles within the portal, and assign users to those security roles. This permission can be constrained by OU, User's OU, User, and User Self and Subordinates. This is an administrator permission. Core Administration
Security Health Check - Edit Security Issues Grants ability to edit security issue settings in the Security Health Check tool and set them to Cornerstone's recommended value. This permission cannot be constrained. This is an administrator permission. Core Administration
Security Health Check - View Grants ability to view the Security Health Check tool. This permission cannot be constrained. This is an administrator permission. Core Administration
Self Registration Groups - Manage Grants ability to create and update/edit self-registration groups, which are configured to make a self-registration page available to people who are not added to the portal via user feed. This permission can be constrained by OU, User's OU, and User's Corporation. This is an administrator permission. Core Administration
Self Registration Groups - View Grants ability to view Self Registration Groups when selecting Availability (for Training, Tasks, learning assignments, etc.) or User Criteria (for Learning Assignments). This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Self-Registration and User Record Custom Fields - Manage Grants access to manage custom fields for user Self Registration and the user record in Custom Field Administration. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Share Manager/Approver Permissions Enables managers and approvers to delegate certain types of approvals and MyTeam viewing permissions to others. This permission is only relevant to managers and approvers. Core
Single Sign On - CSOD Certificate Grants ability to view, manage, and upgrade SSO certificates and configurations. This is an administrator permission. This permission cannot be constrained. Core Administration
SSO Link to Cornerstone Success Center Grants access to an in-portal link to the Cornerstone Success Center sign in page. This is an administrator permission that should be limited to authorized client users of the Cornerstone Success Center. Core Administration
Support Information - Manage Grants ability to manage Support Information, which includes specifying an email address and phone number for end users to contact for portal support. This permission works in conjunction with the Corporate Preferences permission. This is an administrator permission. Core Administration
Task - View Grants ability to view assigned tasks via Scheduled Tasks screen and Welcome Page My Tasks widget. This is an end user permission. Core
Time Zone Preferences - Manage Grants ability to set default time zone for portal/OU and set whether end users may adjust their own portal time zone. This is an administrator permission. Core Administration
Training Data Merge - Manage Grants ability to merge the training records of multiple existing accounts and deactivate one of the accounts, if necessary. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU, User's OU, User Self and Subordinates, and Users. The applied constraints limit the users that are available to be merged and that are displayed in the History section. This is an administrator permission. Core Administration
Training Data Merge - View Grants ability to view past training record merges. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU, User's OU, User Self and Subordinates, and Users. Which records are displayed in the History section is dependent on creator constraints. This is an administrator permission. Core Administration
Universal Profile - User Record - Create Users Grants ability to access the User Record Administration page and to create new users in the system. When creating a new user, this permission grants the ability to add general information, which includes first name, last name, username, assigned OUs, and custom relationships. The administrator must have additional permissions to add any additional fields. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Universal Profile - User Record - Edit Users Grants ability to edit user records in the system. The administrator must have additional permissions to edit specific fields on the user record. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Note: This permission DOES NOT grant the ability to view user records in the system. Administrators must have the Universal Profile - User Record - View Users permission in order to view user records. Core Administration
Universal Profile - User Record - View Users Grants ability to view user records in the system. Administrators can view the Modification History page for user records within their constraints. The administrator must have additional permissions to view specific fields on the user record. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Core Administration
User - Edit Absent Status on My Account Page Allows user to change absent status on My Account page. This is an end user permission. Core
User Preferences - Core Information: View Grants ability to view the User Preferences administrator page. This permission does not allow administrators to modify the preferences. This permission cannot be constrained. This is an administrator permission. Core Administration
User Preferences - Leave Types: Manage Grants ability to manage Leave Types on the User Preferences administrator page. Administrators must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission cannot be constrained. This is an administrator permission. Core Administration
User Preferences - Reasons for Change: Manage

Grants ability to define and configure Reasons for Change on the User Preferences administrator page, which may be used when modifying the user record. The administrator must also have the User Preferences - Core Information: View permission to access the User Preferences page.

This permission is also required to view and set the Reason for Change field when editing a user record.

This permission cannot be constrained. This is an administrator permission.

 Core Administration
User Preferences - Termination Reasons: Manage Grants ability to manage Termination Reasons on the User Preferences administrator page. Administrators must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission cannot be constrained. This is an administrator permission. Core Administration
User Preferences - User Statuses: Manage Grants ability to manage User Statuses on the User Preferences administrator page. Administrators must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission cannot be constrained. This is an administrator permission. Core Administration
User Preferences - User Types and Subtypes: Manage Grants ability to manage User Types and Subtypes on the User Preferences administrator page. Administrators must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission cannot be constrained. This is an administrator permission. Core Administration
User Rating Scales - Manage

Grants ability to manage rating scales for capabilities. This permission cannot be constrained. This is an administrator permission.

This permission only works when used in conjunction with the User Rating permission.

 Core Administration
User Rating Templates - Manage

Grants ability to manage feedback templates for capabilities. This permission cannot be constrained. This is an administrator permission.

This permission only works when used in conjunction with the User Rating permission.

 Core Administration
User Ratings - Feedback Assignment

Grants ability to assign a feedback request to a specific user. This permission can be constrained to User, OU, User's OU, User Self and Subordinates, User's Self, and User's Direct Subordinates. The constraints on this permission determine which users can be selected in the feedback assignment.

 Core Administration
User Ratings - Feedback on specific person

Grants ability to request 360 feedback about a specific user. This permission is intended for administrators, managers, or other leadership roles. This permission can be constrained to User, OU, User's OU, User Self and Subordinates and User's Direct Subordinates.

It is recommended to constrain this permission. Managers should be constrained to "User's Direct Reports." Administrators can constrain themselves or others to a diverse pool of potential raters.

 Core Administration
User Ratings - Request Others to Provide Feedback on Themselves Grants ability to request that someone rate themself. This permission is intended for administrators, managers, or other leadership roles. This permission cannot be constrained. Core Administration
User Ratings - View Ratings and Feedback about Other User

Grants ability to view ratings history and rating details about other people regardless of the visibility settings on the ratings. Grants ability to view the My Feedback Requests page. Administrators with this permission can view all ratings and feedback about all other users, regardless of the visibility settings of the ratings. This permission cannot be constrained.

This permission does not bypass visibility ratings about yourself, which means users cannot use this permission to view ratings provided about themselves that are otherwise not visible to them.

This permission is intended for an administrator or talent partner who needs broad access to all ratings occurring within the portal.

Core Administration
User Ratings

For end users, this permission grants ability to perform ratings and view ratings. For administrators, this permission is required along with the specific user ratings administration permissions to edit rating scales or templates. This permission cannot be constrained.

 Core Administration
User Record Custom Field Configurable Validations - Manage Grants ability to manage the configurable validations for user record custom fields within Custom Field Administration. This permission cannot be constrained. This is an administrator permission. This permission is only available to organizations that are using Cornerstone HR. Core Administration
User Upload Photo Enables users to upload their photo to their user record, via the My Account screen. This is an end user permission. Core
Users - Edit Bypass User Purging Grants ability to set individual users to bypass user purging on the Edit Users page. This permission only works when used in conjunction with the Users - View and Users - Edit permissions. This permission cannot be constrained. This is an administrator permission. The availability of this permission is controlled by a backend setting. To enable this functionality, contact Global Customer Support. Core Administration
Users - Edit Core Information

Grants ability to add users and edit core information on a user record, including first name, last name, username, assigned OUs, and custom relationships. This permission works in conjunction with the Users - View and Users - View Core and Edit Custom Fields permissions. This permission cannot be constrained. This is an administrator permission.

Note: When the User Record Redesign is enabled in a portal, this permission is disabled. Administrators who previously had this permission are automatically assigned the following permissions:

  • Universal Profile - User Record - Create Users
  • Users - Edit General Information

This permission is obsolete following the retirement of the legacy User Record in the May '17 release.

 Core Administration
Users – Edit Custom Field Information Grants ability to view and edit the custom fields on a user record. Administrators are only able to edit a custom field on a user's user record if the user is within their permission constraints and the administrator is within the availability of the custom field. This permission works in conjunction with the Users - View permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Users – Edit General Information Grants ability to edit the general fields on a user record, including first name, last name, username, assigned OUs, and custom relationships. This permission works in conjunction with the Users - View permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Users - Edit Local System ID Enables administrator to modify the Local System ID for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View and Users - Edit permissions. This permission cannot be constrained. This is an administrator permission. Core Administration
Users - Edit Middle Name Grants ability to modify the middle name for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. Core Administration
Users - Edit Mobile Phone Grants ability to modify the Mobile Phone number for a user via the Admin/Users screen. The availability of this permission is controlled by a backend setting. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Personal Email Address

Enables administrator to edit the Personal Email Address for a user via the admin/users screen. This permission cannot be constrained. This is an administrator permission. By default, this permission is included in the System Administrator security role and parent roles of System Administrator.

 Core Administration
Users - Edit Prefix Grants ability to modify the prefix for a user's name via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. Core Administration
Users - Edit Secure User Custom Fields - Unmasked Grants the ability to edit secure user custom field info unmasked. This permission can be constrained by OU, Restrict to User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, Employee Relationship. This is an administrator permission. Core Administration
Users - Manage OU Based Applicability Grants access to manage OU-based Applicability for user record custom fields. This permission cannot be restrained. This is an administrator permission. Core Administration
Users - Manage Secure User Custom Fields Grants the ability to manage the setting secure user custom fields. This permission can be restrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, Employee Relationship. This is an administrator permission. Core Administration
Users - View Secure User Custom Fields - Masked Grants the ability to view secure user custom field info masked. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, Employee Relationship. This is an administrator permission. Core Administration
Users - Edit Sensitive Information: Unmasked Grants ability to view and edit unmasked Sensitive Personally Identifiable Information (SPII) fields on the user record. Administrators with this permission have the option to view and edit the actual data on the user record. This permission can be constrained by OU, User's OU, User's Self, User's Subordinates, User's Direct Subordinates, User, and Employee Relationship. This is an administrator permission. Core Administration
Users - Edit Signature Grants ability to modify the signature font for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. Core Administration
Users - Edit Suffix Grants ability to modify the suffix for a user's name via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. Core Administration
Users - Edit User ID Enables administrator to modify the User ID for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Absent Status Enables administrator to modify the Absent status for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Active Status Enables administrator to modify the Active status for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Address Enables administrator to modify the address for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Approver Enables administrator to modify the specified Approver for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Email Enables administrator to modify the Email Address for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Fax Enables administrator to modify the Fax number for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Language Enables administrator to modify the portal display language for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Last Hire Date Enables administrator to modify the Last Hire Date for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Manager Enables administrator to modify the assigned Manager for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Original Hire Date Enables administrator to modify the Original Hire Date for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Phone Enables administrator to modify the Phone number for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Photo Enables administrator to upload a photo for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Reconciliation Enables administrator to modify the Reconciliation status for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Required Approvals Enables administrator to modify the number of required training approvals for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Time Zone Enables administrator to modify the portal time zone for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - Edit Users Type and Status Enables administrator to view and modify the type and status information for a user via the User Record. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users – Effective Dating: Manage Enables administrator to make effective dated changes to the user record. This permission only works when used in conjunction with the Users - Edit General Information permission. This permission cannot be constrained. This is an administrator permission. Core Administration
Users - Manage OU Based Regex Grants access to manage OU-based Regex patterns for user custom fields. This permission cannot be restrained. This is an administrator permission. Core Administration
Users - Unlock Accounts Grants ability to unlock user accounts that are currently locked. This permission can be constrained by OU, User's OU, User's Subordinates, and User. This is an administrator permission. Core Administration
Users - View Approver Search Enables those who can search for and view users via the Admin/User screen to search by users' assigned approver. This permission only works when assigned in conjunction with the Users - View permission. Core Administration
Users - View Core and Edit Custom Fields

Grants ability to view core information on a user record, including first name, last name, username, assigned OUs, custom relationships, and custom fields. This permission also includes the ability to edit any custom fields that are visible to the administrator. This permission works in conjunction with the Users - View permission. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. This is an administrator permission.

Note: When the User Record Redesign is enabled in a portal, this permission is disabled. Administrators who previously had this permission are automatically assigned the following permissions:

  • Universal Profile - User Record - Edit Users
  • Universal Profile - User Record - View Users
  • Users - Edit Custom Field Information
  • Users - View Custom Field Information
  • Users - View General Information

This permission is obsolete following the retirement of the legacy User Record in the May '17 release.

 Core Administration
Users - View Criteria Search Enables those who can search for and view users via the Admin/User screen to search by OU and Group criteria. This permission only works when assigned in conjunction with the Users - View permission. Core Administration
Users – View Custom Field Information Grants ability to view the custom fields on a user record. Administrators are only able to view a custom field on a user's user record if the user is within their permission constraints and the administrator is within the availability of the custom field. This permission works in conjunction with the Users - View permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Users – View General Information Grants ability to view the general fields on a user record, including first name, last name, username, assigned OUs, and custom relationships. This permission works in conjunction with the Universal Profile - User Record - View Users permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Core Administration
Users - View Local System ID Enables administrator to view the Local System ID for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View and Users - Edit permissions. This permission cannot be constrained. This is an administrator permission. Core Administration
Users - View Manager Search Enables those who can search for and view users via the Admin/User screen to search by users' assigned manager. This permission only works when assigned in conjunction with the Users - View permission. Core Administration
Users - View Middle Name Grants ability to view the middle name for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users and Users - View General Information permissions. This is an administrator permission. Core Administration
Users - View Mobile Phone Grants ability to view the Mobile Phone number for a user via the Admin/Users screen. The availability of this permission is controlled by a backend setting. This permission only works when used in conjunction with the Users - View permission. Core Administration
Users - View Modification Details Grants ability to view the Modification Details on the User Record and view User Audits fields when creating a User custom report. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. Core Administration
Users - View Personal Email Address Enables administrator to view the Personal Email Address for a user via the admin/users screen. This permission cannot be constrained. This is an administrator permission. By default, this permission is included in the System Administrator security role and parent roles of System Administrator. Core Administration
Users - View Prefix Grants ability to view the prefix for a user's name via the Admin/User screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users and Users - View General Information permissions. This is an administrator permission. Core Administration
Users - View Sensitive Information: Masked Grants ability to view masked Sensitive Personally Identifiable Information (SPII) fields on the user record. Administrators with this permission cannot view the actual data. This permission can be constrained by OU, User's OU, User's Self, User's Subordinates, User's Direct Subordinates, User, and Employee Relationship. This is an administrator permission. Core Administration
Users - View Sensitive Information: Unmasked Grants ability to view unmasked Sensitive Personally Identifiable Information (SPII) fields on the user record. Administrators with this permission have the option to view the actual data on the user record. This permission can be constrained by OU, User's OU, User's Self, User's Subordinates, User's Direct Subordinates, User, and Employee Relationship. This is an administrator permission. Core Administration
Users - View Signature Grants ability to view the signature font for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. This is an administrator permission. Core Administration
Users - View Suffix Grants ability to view the suffix for a user's name via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View User ID Enables administrator to view the User ID for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Absent Status Enables administrator to view the Absent status for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Active Status Enables administrator to view the Active status for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Address Enables administrator to view the address for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Approver Enables administrator to view the specified Approver for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Email Enables administrator to view the Email Address for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Fax Enables administrator to view the Fax number for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Language Enables administrator to view the portal display language for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Last Hire Date Enables administrator to view the Last Hire Date for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Manager Enables administrator to view the assigned Manager for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Original Hire Date Enables administrator to view the Original Hire Date for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Phone Enables administrator to view the Phone number for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Photo Enables administrator to view a photo for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Reconciliation Enables administrator to view the Reconciliation status for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Required Approvals Enables administrator to view the number of required training approvals for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Time Zone Enables administrator to view the portal time zone for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. Core Administration
Users - View Users Type and Status Grants ability to view user type and status information on the User Record. This permission cannot be constrained. This permission only works when used in conjunction with the Users - View and Users - Edit permissions. Core Administration
Users - View Grants ability to search for and view summary information about users in the portal via the Admin/Users screen. This permission can be constrained by OU, User's OU, User Self and Subordinates, and Users. If multiple constraints are added, these constraints are considered OR statements. This is an administrator permission. Core Administration
Welcome Page - View Grants access to view Welcome Page. This permission cannot be constrained. This is an end user permission. Core
Welcome Page Preferences - Manage Grants ability to configure the look and feel of the Welcome Page that users see upon logging in to the portal. This permission can be constrained by OU and User's OU. This is an administrator permission. Core Administration
Work Force Planning - Administrator Grants access to the Headcount Planning page. Users with this permission can also create new headcount plans for any part of the organization, as well as create subplans that have been assigned to them. Administrators can only view plans that they have created or to which they were assigned as a Co-Planner or Primary Planner. This is an administrator permission. Core Administration
Work Force Planning - Cost Model Manager

Allows user to upload and manage costing files and exchange rates for Planning.

 Core Administration
Work Force Planning - Owner Grants owner-level access to plans. Users with this permission can view their assigned plans and can create plans. This permission cannot be constrained. Core Administration
Work Force Planning - Reporting Analyst Grants reporting analyst-level access to plans. Users with this permission cannot create plans or edit plan metadata. This permission cannot be constrained. Core Administration
Work Force Planning - Subplanner Grants the ability to complete subplans that have been assigned to the user as a Primary Planner or a Co-Planner. Users with this permission cannot create new headcount plans or view all plans. Within the plans assigned to them, users can assign subplans to their direct reports. Core Administration
Writing Tools - Manage Grants ability to activate or deactivate spell checker and inappropriate language filter by module, and create/manage categories for Comment Assistant used in performance tasks. This is an administrator permission. Core Administration
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Form Proxy Completion - Manage Allows administrator to configure the Proxy Availability settings for a form. These settings determine which users can complete the form on behalf of other users and for which users they can complete the form. This permission can be constrained by OU, User's OU, User, and Employee Relationship. This is an administrator permission. Forms Administration
Form Self-Service - Manage Grants access to manage Form Self Service and Self-Service Submissions within Manage Forms. This permission can be constrained by OU and User's OU. This is an administrator permission. Forms Administration
Form Task Snapshot - Manage Grants access to the Form Task Snapshot functionality within Form Task Administration. This permission cannot be constrained. This is an administrator permission. Forms Administration
Form Task Administration - Manage Grants access to the Form Task Administration functionality. This permission can be constrained by OU and User's OU. This is an administrator permission. Forms Administration
Forms - Manage

Grants access to the Manage Forms functionality. This permission can be constrained by OU and User's OU. This is an administrator permission.

Note: This permission enables access to the Form Management functionality that is part of Cornerstone HR functionality and the Onboarding module. This permission does not grant access to the Training Forms Management functionality.

Forms Management Administration
Question Bank - Manage Grants access to the Question Bank functionality. This permission can be constrained by OU and User's OU. This is an administrator permission. Forms Management Administration
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Action Items - EPM Grants ability to view and take action upon Performance (EPM) items on the Action Items page and in the Your Action Items widget. This permission can be constrained by OU, User's OU, User's Self, and User's Self and Subordinates. This is an end user permission. Universal Profile
Action Items - Forms Grants ability to view Form actions via the Universal Profile - Actions page or the Welcome/Custom page Actions widget. This permission cannot be constrained. Universal Profile
Action Items - LMS Grants ability to view and take action upon Learning (LMS) items on the Action Items page. This permission can be constrained by OU, User's OU, User's Self, and User's Self and Subordinates. This is an end user permission. Universal Profile
Action Items - View Grants ability to view action items on the Action Items page and in the Your Action Items widget. Users without this permission cannot access the Action Items page. This permission can be constrained by Employee Relationship, OU, User's OU, User's Self and Subordinates, and User's Self. This is an end user permission. Universal Profile
Bio About - View

Enables user to view the Bio page for users within their permission constraints. This permission must be enabled to view the Transcript page within Universal Profile. If a user does not have this permission and they click a person's name or user photo within the Universal Profile, then the Bio page will not open.

On the Learner Home page, this permission also allows end users to view the Completions & Hours field, the training sidebar, and the Continue Learning carousel.

This permission can be constrained by Employee Relationship, OU, User's OU, User's Direct Reports, User Self and Subordinates, and User. Note: For security purposes, this permission is constrained to User Self and Subordinates by default. However, the permission constraints can be modified to allow users to view the Bio About page for other users.

 Universal Profile
Bio About Preferences - Manage Enables administrator to access and edit the Bio About Preferences page. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU and User's OU. This is an administrator permission. Universal Profile
Bio Career Preferences - View Grants ability to view the Bio - Career Preferences page for users within the permission constraints. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User's Direct Reports, User's Self, and User. Universal Profile
Bio Resume - View Enables user to view the Bio - Resume page for users within their permission constraints. If a user does not have permission to view the Bio - Resume page, then the Resume tab is not available. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User's Direct Reports, User's Self, and User. Universal Profile
Documents - Delete Enables user to delete a file that has been uploaded to the Snapshot - Documents page. The constraints on this permission determine which documents the user can delete. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, Self and Direct Reports, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports. Universal Profile
Feedback - Delete Enables user to delete a feedback post or comment on a user's page. The user can delete feedback from the Feedback page of any user who is within the permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Self. The permission constraints apply to the creator of the post or comment, not the target user. Universal Profile
Feedback - Request

Enables user to request feedback from the Feedback page of their Universal Profile. Users can only request feedback from other users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Self. This is an end user permission.

Note: This permission should not be constrained by Employee Relationship, as this constraint would not be effective and does not stop the user from requesting feedback from users outside of Employee Relationship constraint if applied.

Universal Profile
Feedback - View and Post Enables user to view the Feedback page of the Universal Profile and to post feedback. Users can only view the Feedback page for users within their permission constraints. Similarly, users can only post feedback for users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Self, and Employee Relationship. This is an end user permission. Universal Profile
Feedback Details - View Enables user to view the Feedback Details page and provide feedback when they are requested to provide feedback. This permission cannot be constrained. This is an end user permission. Universal Profile
Feedback Preferences - Manage Enables administrator to access and edit the Feedback Preferences page. From this page, administrators can configure which options are available when users are requesting and providing feedback within the Universal Profile: Feedback page. This permission can be constrained by OU and User's OU. This is an administrator permission. Universal Profile
Feedback - Request for other users Enables user to request feedback on behalf of other users from their Feedback page. This permission can be constrained by User's Subordinates, Direct Reports, and Custom Relationship. Universal Profile
Snapshot - Badges Enables user to view the Badges widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission works in conjunction with the Snapshot Main - View permission. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Any user with this permission will always be able to view their own Badges widget when the widget is enabled. Best Practice: For most users, this permission should be constrained by User Self and Subordinates.

 

With the Aug '17 release, this permission also allows end users to view the Badges field on the Learner Home page.

 Universal Profile
Snapshot - Compensation Enables user to view the Compensation widget within the Universal Profile - Snapshot page for users within their permission constraints. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. Universal Profile
Snapshot - Competencies Enables user to view the Competencies widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. Universal Profile
Snapshot - Development Plans

Enables user to view the Development Plans widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Best Practice: For most users, this permission should be constrained by User Self and Subordinates.

 Universal Profile

Snapshot Goals - Manage

Enables user to manage their own goals, and others public goals, using the Goals widget and subpage within the Universal Profile - Snapshot page, for users within their permission constraints. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports.

Best Practice: For most users, this permission should be constrained by User Self and Subordinates.

Universal Profile

Snapshot Goals - View

Enables user to view their own goals, and others’ public goals, using the Goals widget and subpage within the Universal Profile - Snapshot page, for users within their permission constraints. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports.

Best Practice: For most users, this permission should be constrained by User Self and Subordinates.

Universal Profile
Snapshot - Leaderboard Enables user to view the Leaderboard widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission works in conjunction with the Snapshot Main - View permission. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Any user with this permission will always be able to view their own Leaderboard widget when the widget is enabled. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. Universal Profile
Snapshot - Peers Grants ability to view the Peers widget within the Universal Profile - Snapshot page. This permission can be constrained by OU, User's OU, User's Self and Subordinates, User, User's Self, User's Subordinates, and User's Direct Reports. This is an end user permission. Universal Profile
Snapshot - Reviews

Enables user to view the Reviews widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Best Practice: For most users, this permission should be constrained by User Self and Subordinates.

 Universal Profile
Snapshot Documents - View Grants ability to view the Documents widget and subpage within the Universal Profile - Snapshot page. This permission can be constrained by Employee Relationship, OU, User's OU, User's Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports. This is an end user permission. Universal Profile
Snapshot Folder Preferences - Manage Enables administrator to view the Folder Preferences Admin page and manage folder creation, access, and deletion for the Documents page within Universal Profile: Snapshot. This permission cannot be constrained. This is an administrator permission. Universal Profile
Snapshot Main - View Enables user to view the Snapshot page for users within their permission constraints. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. Universal Profile
Snapshot Preferences – Manage Enables administrator to access and edit the Snapshot Preferences page. This permission can be constrained by Employee Relationship, OU, and User's OU. This is an administrator permission. Universal Profile
Snapshot Succession – Manage Enables user to view the Succession widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. On this page, users can view and manage successors and successor ratings. Users cannot view their own Succession widget and subpage, regardless of permissions. This permission can be constrained by OU, User's Subordinates, User's Direct Subordinates, and Employee Relationship. Universal Profile
Snapshot Succession - View Enables user to view the Succession widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. On this page, users can view successors and successor ratings. Users cannot view their own Succession widget and subpage, regardless of permissions. This permission can be constrained by OU, User's Subordinates, User's Direct Subordinates, and Employee Relationship. For most users, this permission should be constrained by User Self and Subordinates. Universal Profile
Universal Profile Preferences - Manage Enables administrator to access and edit the Universal Profile General Preferences page. This permission can be constrained by OU and User's OU. This is an administrator permission. Universal Profile
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Workflows - Global Settings Grants access to manage Global Workflow Settings. Workflow Engine
Workflow Engine - Initiate Workflows Grants ability to initiate the first step of a workflow. Workflow Engine
Workflow Executions - Manage Grants access to manage Workflow Executions. Workflow Engine
Workflow - Management Page Grants access to manage their Workflows, Global Workflow Settings, and view Workflow Executions. Workflow Engine
Workflow - Mass Enrollment Grants access to the mass enrollment functionality. This permission cannot be constrained. Workflow Engine
Workflow Engine - Workflow Library - Manage Grants access to view, edit, and publish workflows in the Workflow Library. This is an administrator permission. Workflow Engine
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
View Data: Preferences Grants access View Data Preferences. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, User's Subordinates, User's Direct Subordinates, and User's Corporation. View
View Data: View Grants access to View Data. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, User's Subordinates, User's Direct Subordinates, and User's Corporation. View
View People Preferences Page Grants access to the View People Preferences page, which allows administrators to configure the View People page according to their needs per organizational unit (OU). This permission can be constrained by OU, User's OU, User, User Self and Subordinates, and User's Subordinates. View
View People: Share Grants access to open View People to view shared lists. Can dynamically grant access to users to only view the lists that have been shared with the user. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, User's Direct Reports, and User's Subordinates. View
View People: View Grants access to open View People to see results and share lists. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, and User's Subordinates. View

Edge and Data Load Permissions

PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Data Load Wizard - Compensation Enables administrator to load compensation data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. Data Load Wizard
Data Load Wizard - Competency Bank Enables administrator to load competency bank data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. Data Load Wizard
Data Load Wizard - Data Load Queue Enables administrator to access the Data Load Queue screen, which displays all data loads, including current and past loads. Constraints can be applied to this permission. However, these constraints do not impact which data loads are visible to the administrator. This is an administrator permission. Data Load Wizard
Data Load Wizard - Feed Configuration: Compensation – Create Enables administrator to access the Feed Summary page in order to create and edit compensation data feeds. This is an administrator permission. Data Load Wizard
Data Load Wizard - Feed Configuration: Compensation – Run Feed Enables administrator to access the Feed Summary page in order to manually run a compensation data feed once it has been created. This is an administrator permission. Data Load Wizard
Data Load Wizard - Feed Configuration: Compensation - Save Enables administrator to access the Feed Summary page in order to view and edit compensation data feeds. This is an administrator permission. Data Load Wizard
Data Load Wizard - Group Data Load Enables administrator to load group data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This permission cannot be constrained. This is an administrator permission. Data Load Wizard
Data Load Wizard - Manage Templates Enables administrator to access the Manage Templates page within the Data Load Wizard. From the Manage Templates page, administrators can view, download, and archive templates. This permission cannot be constrained. This is an administrator permission. Data Load Wizard
Data Load Wizard - OUs Enables administrator to load OUs. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. Data Load Wizard
Data Load Wizard - Resume Enables administrator to load resume data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. Data Load Wizard
Data Load Wizard - Set User Password Enables administrator to set a default password for new users when loading users. This is an administrator permission. Data Load Wizard
Data Load Wizard - Track Data Loads Enables administrator to access the Track Data Loads page within the Data Load Wizard. From the Track Data Loads page, administrators can print and download error and archive logs. This permission cannot be constrained. This is an administrator permission. Data Load Wizard
Data Load Wizard - Users Enables administrator to load users. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. Data Load Wizard
Data Load Wizard - Enable User GUID Enables the GUID in the Data Load Wizard User Load and mapping template. This enables organizations to include the GUID as the primary key for user data loads. This permission cannot be constrained. Data Load Wizard
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Access Edge Bulk API History Grants access to the Bulk API History page, which displays all the loads that have been performed using the Bulk API. Administrators can select a load to view additional details of the load, including the results. This permission cannot be constrained. This is an administrator permission. Edge
Access Edge Bulk API

Grants ability to access and utilize the Bulk API. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Cost Center OU

Grants ability to use the Bulk API to load cost center organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Custom OU

Grants ability to use the Bulk API to load custom organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Division OU

Grants ability to use the Bulk API to load division organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Employee

Grants ability to use the Bulk API to load employee data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Grade OU

Grants ability to use the Bulk API to load grade organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Legal Entity OU

Grants ability to use the Bulk API to load legal entity organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Location OU

Grants ability to use the Bulk API to load location organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Bulk API - Position OU

Grants ability to use the Bulk API to load position organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge
Download Reports Access when portal opts-in for Restrict reports access - Edge Import

Grants ability to download Edge Import load details reports for loads performed by others.

Users who do not have this permission cannot download load import results for loads performed by others. In addition, users without this permission cannot load data for someone who has previously only validated their data.

This permission cannot be constrained. This is an administrator permission.

This permission is only available and applicable when the portal has enabled the restriction for Edge Import load details report access.

 Edge
Edge APIs - Manage Grants ability to manage Edge APIs on the API Management page. Edge
Edge Develop - API Explorer Grants access to the API Explorer, which provides access to help documentation for various API applications. Edge
Edge Integrations - Manage Grants access to the Integrations service for Edge Integrate where the administrator can configure, enable, and disable their third-party integrations that are used within the Cornerstone system. This permission cannot be constrained. This is an administrator permission. Edge
Edge Marketplace - Manage Grants access to the Marketplace service for Edge Integrate where the administrator can browse and purchase integrations that can be used to extend the Cornerstone system. This permission cannot be constrained. This is an administrator permission. Edge
Employee API - View - Constrained

Grants ability to use the Employee API v2 to view employee data with constraints. This permission can be constrained by User, OU, and User's OU. The constraints on this permission limit what data is accessible via the Employee API v2. This is an administrator permission.

This permission is only available when the Employee API v2 is enabled via Edge Marketplace.

 Edge
External Job Application API: Manage Grants access to manage the Job Application API. This permission is automatically enabled upon enabling either the Cornerstone API bundle or the One-Click Apply with Stepstone integration. Only available if enabled by a backend setting. Edge
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Access Bulk API - LMS - Curriculum Transcripts

Grants ability to use the Bulk API to load curriculum transcript data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Curriculum

Grants ability to use the Bulk API to load curriculum learning object and structure data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Events

Grants ability to use the Bulk API to load event learning object data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - External Training Transcripts

Grants ability to use the Bulk API to load external training transcript data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - ILT Transcripts

Grants ability to use the Bulk API to load instructor-led training (ILT) transcript data, session transcript custom fields data, and event transcript custom fields data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Material Transcripts

Grants ability to use the Bulk API to load material transcript data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Material

Grants ability to use the Bulk API to load material learning object data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Online Course

Grants ability to use the Bulk API to load online course learning object data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Online Transcripts

Grants ability to use the Bulk API to load online transcripts data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Session Parts

Grants ability to use the Bulk API to load session parts data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Sessions

Grants ability to use the Bulk API to load event session data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Test Mapping

Grants ability to use the Bulk API to load test mapping data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Test Transcripts

Grants ability to use the Bulk API to load test transcript data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Test

Grants ability to use the Bulk API to load test learning object data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Video Transcripts

Grants ability to use the Bulk API to load video transcript data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access Bulk API - LMS - Video

Grants ability to use the Bulk API to load video learning object data. This permission cannot be constrained. This is an administrator permission.

This permission is only available when the Bulk API is enabled via Edge Marketplace.

 Edge Import
Access CHR - Employee Load Grants access to the Cornerstone HR (CHR) employee data load via Edge Import. This permission and data load type are only available to organizations using CHR. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Grants access to the Edge Import tool, which enables administrators to load data into their portal. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Cost Center Grants access to the Cost Center organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Custom OU Grants access to the Custom organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Division Grants access to the Division organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Grade Grants access to the Grade organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Group Grants access to the Group organizational unit and Group Membership data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Legal Entity Grants access to the Legal Entity organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Location Grants access to the Location organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access Edge Import Workflow - Position Grants access to the Position organizational unit data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Curriculum Load

Grants ability to access load reports and perform Curriculum load and Curriculum Structure loads via Edge Import. This permission cannot be constrained. This is an administrator permission.

 Edge Import
Access LMS - Curriculum Transcripts Load Grants access to the Curriculum Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Evaluation Question Bank Load Grants access to the Evaluation Question Bank data load via Edge Import. This load type allows customers to create new evaluation questions and update existing evaluation questions, which can be used in Evaluation Administration when creating evaluations. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Events Load Grants access to the Events data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - External Training Load Grants access to the External Training data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Facilities Load Grants access to the Facilities data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - ILT Instructors Load Grants access to the ILT Instructors data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - ILT Transcripts Load Grants access to the ILT Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Learning Object Equivalencies Load Grants access to the Learning Object (LO) Equivalencies data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - LO Availability Load Grants access to the LO (Learning Object) Availability data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Material Transcripts Load Grants access to the Material Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - OLCO Metadata Load Grants access to the Online Content Metadata data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - OLCO Transcript Load Grants access to the Online Content Transcript and Online Content Transcript Custom Field data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Online Course Assets Load Grants access to the Online Course Assets data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Online Course Metadata Load Grants access to the Online Course Metadata data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Online Transcripts Load Grants access to the Online Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Providers Load Grants access to the Providers data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Question Category Load Grants access to the Question Category data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Question Load Grants access to the Question data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Session Parts Load Grants access to the Session Parts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Sessions Load Grants access to the Sessions data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Subjects Load Grants access to the Subjects data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Test Mapping Load Grants access to the Test Mapping data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Test Transcripts Load Grants access to the Test Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Tests Load Grants access to the Tests data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Video Transcripts Load Grants access to the Video Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access LMS - Videos Load Grants access to the Videos data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Access REC - Requisition Template Load Grants access to the Requisition Template load for Recruiting via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Create/Update Configurations Grants ability to create and update Edge Import configurations. This permission cannot be constrained. This is an administrator permission. Edge Import
Delete Configurations Grants ability to delete Edge Import configurations. Users with this permission can delete configurations created by anyone for all types of data imports. This permission cannot be constrained. This is an administrator permission. Edge Import
Delete Feeds Grants ability to delete disabled Edge Import feeds. Users with this permission can delete disabled feeds created by anyone for all types of data feeds. This permission cannot be constrained. This is an administrator permission. Edge Import
Disable Data Load Wizard

Grants access to the Disable DLW tab within the DLW Migration tool. From the Disable DLW tab, administrators can disable Data Load Wizard for the portal. This permission cannot be constrained. This is an administrator permission.

Important: Disabling a DLW type is a permanent action, and it cannot be undone. It is important to only disable a DLW type once you have fully migrated to the corresponding loads and feeds in Edge Import.

Edge Import
Edge Import - Employee Load Constrained This permission enables organizations to constrain an administrator's ability to load employee data. Administrators can only load employee data if the employee is within the constraints on this permission. This permission can be constrained by OU. This is an administrator permission. Edge Import
Edge Import - Load Employee Salary Grants access to the employee salary data load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Edge Import - Load Individual Target Grants access to the individual target load for Compensation via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Edge Import - Load Review Scores and PDFs Grants access to load performance review scores and PDFs via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Edge Import - Load Salary Structures Grants access to the salary structure load for Compensation via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import
Edge Import - User Goal Load Grants access to the User Goal Load via Edge Import. This permission cannot be constrained. This is an administrator permission. Edge Import

Reporting Permissions

The granular model uses the Reporting 2.0 permissions to allow you to create more specific reports by report field. For this reason, permissions are at more of a granular level with this functionality.

The permissions are broken down by the main product level permission, section level, and then at the field level. For example, if you wanted to report on Instructor Led Training (ILT) in the system, you would need:

  • The Reporting - Manage permission to create reports.
  • The Reporting - View permission to preview reports and view reports.
  • The top-level product specific permission to create reports related to that product.
    • e.g. Reporting - Learning - Manage
  • The section specific permission to create reports for that feature within the product.
    • e.g. Reporting - Learning - ILT - Manage
  • The field level permissions to be able to create reports with the specific fields for that feature within the product.
    • e.g. Reporting - Learning - ILT - ILT Facility - Manage

If a user does not have each level of permission, then they may not have access to the report builder, or the section may not be visible, or the fields within the section may not be visible. Also, if a user does not have the top-level product permission, then none of the fields for that product will be visible, such as the fields for LMS reports.

The power of this granularity of permissions is that you can give access to as many or as few fields as necessary for your users. For example, you may give users access to the User section but not give them access to the User Identifier section if that contains sensitive data for your portal.

If a user has all relevant permissions, but the corpsetting for a particular area is set to FALSE, any fields related to that section will still appear blank in a report. An example where this could occur is SCORM 2004 quiz data.

Note: When a user has a top-level, section, or field level permission, it is not necessary to also assign the Reporting - Manage or Reporting - View permissions since the more granular product specific permissions will give the user access to Reporting 2.0.

Note: Due to sensitivity, users who need to report on Gender, Ethnicity and Grade information, would need the following permissions in addition to the reporting permissions:

  • For Gender: User Upload - Gender
  • For Ethnicity: User Upload - Ethnicity
  • For Grades: View Grades

List of Permissions

For the full list of permissions and their relationships, see the permissions spreadsheet in Online Help.

The Reporting - Apply Owner Constraints permission grants the ability to turn on the Apply Owner Constraints setting for reports in the Report Properties panel. This setting affects shared users, delivery, and reports published to dashboards.

When the setting is enabled, the report owner's constraints are applied to the report, and users that run the report will see the report with the report owner's constraints instead of their own. For reports published to dashboards the owner constraints are only applied if the underlying report is also shared with the user. If just the dashboard is shared, but not the report itself, the users own constraints are applied even though the toggle is set to apply owner constraints.

Due to the possibility of unintended user data becoming visible to a user viewing a report with the report owner's constraints, it is recommended that filters be added to the report to restrict data visibility. It is also recommended that the report owner test the report prior to sharing to ensure the data visibility is appropriate and intended.

The Reporting - Download permission grants users the ability to download Reporting 2.0 reports. This permission cannot be constrained; however, when users download a report, any Reporting - View constraints are applied. Users with the permission see the download option on the Report Home and the Report Viewer.

For clients that have already opted in and previously activated Reporting 2.0, this new permission is added automatically to the System Administrator role and to any security role that currently has at least one Reporting - View permission.

For clients that are opting in and activating Reporting 2.0 for the first time with the August ’18 Release, this new permission is available to administrators in the System Administrator role who can then add the permission to other roles at their discretion. Users without this permission will not see any download options in the Report Home or the while Viewing Reporting 2.0 reports.

The Reporting - Email Delivery permission grants the ability to deliver reports in Reporting 2.0. Users must also have permission to view reports. The permission can be used in conjunction with the various product, section, and field level permissions. Users must have permission to view Reporting 2.0 in order to have access to a report that is delivered to them. If they do not have view access, then the Reporting 2.0 navigation sublink will not display for them.

Users who have permission to manage Reporting 2.0 can edit a report that is delivered to them. They can also copy the delivered report.

The following constraints are available for this permission:

  • OU
  • User’s OU
  • User Self and Subordinates
  • User
  • User's Self
  • User's Manager
  • User's Superiors
  • User’s Subordinates
  • User’s Direct Subordinates
  • Employee Relationship

This permission grants access to the Custom Reports Usage Report in Reporting 2.0. The report is available for administrators only.

The report can be accessed by clicking the Import Custom Reports button on the Reporting 2.0 homepage, and then clicking the Custom Reports Usage Report link in the Import Your Custom Reports flyout.

See Reporting 2.0 - Custom Reports Migration Tool.

The Reporting - FTP Delivery permission grants the ability to schedule delivery of Reporting 2.0 reports to an FTP directory. This permission cannot be constrained.

This permission is used in conjunction with the view permission for Reporting 2.0 and can also be used in conjunction with the various product, section, and field level permissions. Users must have permission to view Reporting 2.0 in order to have access to a report that is delivered to them. If they do not have view access, then the Reporting 2.0 navigation sublink will not display for them.

Users who have permission to manage Reporting 2.0 can edit a report that is delivered to them. They can also copy the delivered report.

The Reporting - Manage Global Calculated Fields permission grants the ability to publish calculated fields to all users. This permission cannot be constrained.

Note: Calculated fields can be created by all users who have permission to create reports in Reporting 2.0. However, in order to publish the calculated field globally, a user needs permission to manage global calculated fields.

The Reporting - Recruiting - Custom Integrations - Manage permission grants access to build and manage reports in the Custom Integrations section. This permission cannot be constrained.

The Reporting - Recruiting - Custom Integrations - View permission grants access to view the Custom Integrations section in reporting. This permission cannot be constrained.

The option for sharing reports is only visible to users who have the Reporting - Share permission. Users without the permission can still receive shared reports, but constraints (for other permissions, such as Reporting - Core permissions) will be respected. For example, if you share a report that contains data around Location A and the user receiving the report is constrained to only see data for Location B, the report would not contain any records.

The following constraints are available for this permission:

  • OU
  • User’s OU
  • User Self and Subordinates
  • User’s Direct Report
  • User
  • User's Self
  • User's Manager
  • User's Superiors
  • User’s Subordinates
  • User’s Direct Subordinates
  • Relationship

The Reporting - System Templates permission grants users the ability to use all system templates. System templates are available for generating certain Learning, Core, and Performance data.

This permission works in conjunction with other Reporting 2.0 permissions. For example, users without the Reporting - Learning - View permission will not see any templates for Learning.

This permission is automatically added to the Cornerstone Administrator and System Administrator security roles in all portals that have self-enabled Reporting 2.0.

Sharing Reports Created with a System Template

When you share a report that was created using a template, the shared users will be able to view the report without needing to be granted the Reporting - System Templates permission. The permission is only needed for administrators who should distribute templates to their users.

Permission Constraints

Constraints exist at the section level for permissions. The following constraints are available:

  • OU
  • User’s OU
  • User Self and Subordinates
  • User’s Direct Report
  • User
  • Learning-specific constraints:
    • Provider
    • Training Item
    • Training Type
  • Requisition-specific constraints:
    • User's Division
    • User's Position
    • User's Location
    • Division
    • Position
    • Location

Note: Constraints are applied differently for Recruiting reports. Multiple criteria for the same OU type use the OR logic (e.g., only constraints for Location OU), while inter-OU type criteria use AND logic (e.g., a constraint for Location OU and a constraint for Division OU).

For all other reports, the regular constraint logic is applied. See this Knowledge Article for more details about the general constraint logic: https://csod-external.force.com/supportcentral/s/article/Several-constraints-added-to-permission-work-as-OR-statements.

PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Calculated Fields - Modify Grants ability to view, modify, create, and delete any calculated fields that have been created by themselves or public fields in Analytics. This permission cannot be constrained. This permission works in conjunction with other Custom Report - Create permissions. Reports - Analytics
Calculated Fields - View Grants ability to view any calculated fields that have been created by themselves or public fields in Analytics. This permission cannot be constrained. This permission works in conjunction with other Custom Report - Create permissions. Reports - Analytics
Custom Certification Report - Create Grants ability to create and edit Custom Certification reports. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, and User's Direct Subordinates. Reports - Analytics
Custom Certification Report - View Grants ability to view results of Custom Certification reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, and User's Direct Subordinates. Reports - Analytics
Custom Compensation Report - Create Grants ability to create and edit custom Compensation reports. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Subordinates, and User's Direct Subordinates. Reports - Analytics
Custom Compensation Report - View Grants ability to view results of custom Compensation reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Direct Subordinates, and User's Subordinates. Reports - Analytics
Custom Competency Report - Create Grants ability to create and edit custom Competency reports. This permission can be constrained by User Self and Subordinates, OU, User’s OU, User's Direct Subordinates, and User. Reports - Analytics
Custom Competency Report - View Grants ability to view results of custom Competency reports created by self or shared by others. This permission can be constrained by User Self and Subordinates, OU, User’s OU, User's Direct Subordinates, and User. Reports - Analytics
Custom Connect Report - Create Grants ability to create and edit custom Connect Communities reports. Reports - Analytics
Custom Connect Report - View Grants ability to view results of custom Connect reports created by self or shared by others. Reports - Analytics
Custom Development Plan Report - Create Grants ability to create and edit custom Development Plan reports. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, and User's Direct Subordinates. Reports - Analytics
Custom Development Plan Report - View Grants ability to view results of custom Development Plan reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, and User's Direct Subordinates. Reports - Analytics
Custom Engage Response Report - Create Grants ability to create and edit custom Engage reports. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, User's Direct Reports. Reports - Analytics
Custom Engage Response Report - View Grants ability to view results of custom Engage reports created by self or shared by others. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, User's Direct Reports. Reports - Analytics
Custom Evaluations Reports - Create Grants ability to create and edit custom Evaluation reports (training evaluation levels 1, 2, and 3). This permission can be constrained by OU, User's OU, and User's Direct Subordinates. Reports - Analytics
Custom Evaluations Reports - View Grants ability to view results of custom Evaluation reports (training evaluation levels 1, 2, and 3) created by self or shared by others. This permission can be constrained by OU, User's OU, and User's Direct Subordinates. Reports - Analytics
Custom Forms Report: Create

Grants ability to create and edit custom Forms reports. This permission refers to creating custom reports for the Forms functionality. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Subordinates, and User.

 Reports - Analytics
Custom Forms Report: View

Grants ability to view results of custom Forms reports created by self or shared by others. This permission refers to viewing custom reports for the Forms functionality. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Subordinates, and User.

 Reports - Analytics
Custom Job Pool Succession Report - Create Grants ability to create and edit custom Job Pool Succession reports. This permission can be constrained by Position and User's Direct Subordinates. Reports - Analytics
Custom Job Pool Succession Report - View Grants ability to view results of custom Job Pool Succession reports created by self or shared by others. This permission can be constrained by Position and User's Direct Subordinates. Reports - Analytics
Custom Goal Report - Create Grants ability to create and edit custom Goals reports. This permission can be constrained by OU, User's OU, User's Direct Subordinates, and User Self and Subordinates. Reports - Analytics
Custom Goal Report - View Grants ability to view results of custom Goal reports created by self or shared by others. This permission can be constrained by OU, User's OU, User's Direct Subordinates, and User Self and Subordinates. Reports - Analytics
Custom Multi-Module Report - Create Grants ability to create and edit custom Multi-Module reports. This permission works in conjunction with other Custom Report - Create permissions. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Direct Subordinates, and User. Reports - Analytics
Custom Multi-Module Report - View Grants ability to view results of custom Multi-Module reports created by self. This permission works in conjunction with other Custom Report - View permissions. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Direct Subordinates, and User. Reports - Analytics
Custom Observation Checklist Report - Create Grants ability to create and edit Observation Checklist Reports in Analytics. This permission can be constrained by OU, User's OU, User, User's Self, User's Manager, User's Subordinates, User's Direct Reports, User's Superiors, User's Direct Subordinates, and User Self and Subordinates. Reports - Analytics
Custom Observation Checklist Report - View Grants ability to view Observation Checklist Reports in Analytics. This permission can be constrained by OU, User's OU, User, User's Self, User's Manager, User's Subordinates, User's Direct Reports, User's Superiors, User's Direct Subordinates, and User Self and Subordinates. Reports - Analytics
Custom Talent Pool Report - Create Grants ability to create and edit Custom Talent Pool Reports. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. Reports - Analytics
Custom Talent Pool Report - View Grants ability to view results of Custom Talent Pool Reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. Reports - Analytics
Custom Training Form Management Reports - Create Grants ability to create and edit custom Training Form Management reports. This permission can be constrained by OU, User's OU, and User's Direct Subordinates. Reports - Analytics
Custom Training Form Management Reports - View Grants ability to view custom Training Form Management reports. This permission can be constrained by OU, User's OU, and User's Direct Subordinates. Reports - Analytics
Custom Training Forms - Curricula Report - Create Grants ability to create and edit custom Training Forms - Curricula reports. Reports - Analytics
Custom Training Forms - Curricula Report - View Grants ability to view custom Training Forms - Curricula reports. Reports - Analytics
Custom Performance Reports - Create Grants ability to create and edit Custom Performance reports. This permission can be constrained by OU, User's OU, User's Self and Subordinates, User's Direct Subordinates, and User's Subordinates. Reports - Analytics
Custom Performance Reports - View Grants ability to view results of Custom Performance reports created by self or shared by others. This permission can be constrained by OU, User's OU, User's Self and Subordinates, User's Direct Subordinates, and User's Subordinates. Reports - Analytics
Custom Performance Review Report - Create Grants ability to create and edit custom Performance Review reports. This permission can be constrained by OU, User's OU, User's Self and Subordinates, User's Direct Subordinates, and User's Subordinates. Reports - Analytics
Custom Performance Review Report - View Grants ability to view results of custom Performance Review reports created by self or shared by others. This permission can be constrained by OU, User's OU, User's Self and Subordinates, User's Direct Subordinates, and User's Subordinates. Reports - Analytics
Custom Recruiting Report - Access Historical Status Section Grants ability to view and access fields from the Historical Status section of Custom Recruiting reports. This permission can be constrained by Division, Position, and Location. Reports - Analytics
Custom Recruiting Report - Create Grants ability to create and edit Custom Recruiting reports. This permission can be constrained by Division, Position, Location, and User's Direct Subordinates. Reports - Analytics
Custom Recruiting Report - View Grants ability to view results of Custom Recruiting reports created by self or shared by others. This permission can be constrained by Division, Position, Location, and User's Direct Subordinates. Reports - Analytics
Custom Resume Report - Create Grants ability to create and edit custom Resume reports. This permission can be constrained by OU, User's OU, User, User's Direct Subordinates, and User Self and Subordinates. Reports - Analytics
Custom Resume Report - View Grants ability to view results of custom Resume reports created by self or shared by others. This permission can be constrained by OU, User's OU, User, User's Direct Subordinates, and User Self and Subordinates. Reports - Analytics
Custom Succession Report - Create Grants ability to create and edit Custom Succession Management (SMP) Reports. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Direct Subordinates, and User's Subordinates. Reports - Analytics
Custom Succession Report - View Grants ability to view results of Custom Succession Management (SMP) Reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Direct Subordinates, and User's Subordinates. Reports - Analytics
Custom Test Reports - Create Grants ability to create and edit custom Test reports (Test Engine data). This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. Reports - Analytics
Custom Test Reports - View Grants ability to view results of custom Test reports (Test Engine data) created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. Reports - Analytics
Custom Training Plan Report - Create Grants ability to create and edit training plan (Training Demand Forecast) custom reports. This permission can be constrained by OU, User's OU, User, User's Direct Subordinates, and User Self and Subordinates. Reports - Analytics
Custom Training Plan Report - View Grants ability to view results of training plan (Training Demand Forecast) custom reports created by self or shared by others. This permission can be constrained by OU, User's OU, User, User's Direct Subordinates, and User Self and Subordinates. Reports - Analytics
Custom Training Reports - Create Grants ability to create and edit Custom Training (Catalog) reports. This permission can be constrained by Provider. Note: When the constraint is set for the permission, users will only be able to view training data for the constrained providers. Reports - Analytics
Custom Training Reports - View Grants ability to view results of Custom Training (Catalog) reports created by self or shared by others. This permission can be constrained by Provider. Note: When the constraint is set for the permission, users will only be able to view training data for the constrained providers. Reports - Analytics
Custom Training Unit Distributor Reports - Manage Grants access to view, create and edit Training Unit Distributor Report in Analytics, which displays training unit information for distributed training units. This permission can be constrained by User, User's OU, and User Self and Subordinates. Reports - Analytics
Custom Training Unit Distributor Reports - View Grants access to view the Training Unit Distributor Report in Analytics, which displays training unit information for distributed training units. This permission can be constrained by User, User's OU, and User Self and Subordinates. Reports - Analytics
Custom Training Unit Key Code Reports - Create

Grants access to view, create and edit the Training Unit Key Code Report in Analytics, which displays training unit information for key codes. This permission can be constrained by OU, User’s OU, User Self and Subordinates, User, User’s Self, User’s Manager, User’s Superiors, User’s Subordinates, User’s Direct Reports.

 Reports - Analytics
Custom Training Unit Key Code Reports - View Grants access to view the Training Unit Key Code Report in Analytics, which displays training unit information for key codes. This permission can be constrained by OU, User’s OU, User Self and Subordinates, User, User’s Self, User’s Manager, User’s Superiors, User’s Subordinates, User’s Direct Reports. Reports - Analytics
Custom Transaction Reports - Create Grants ability to create and edit Custom Transaction (Billing) reports. Reports - Analytics
Custom Transaction Reports - View Grants ability to view results of Custom Transaction (Billing) reports created by self or shared by others. Reports - Analytics
Custom Transcript Reports - Create Grants ability to create and edit Custom Transcript (Training Record) reports. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. Reports - Analytics
Custom Transcript Reports - View Grants ability to view results of Custom Transcript (Training Record) reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. Reports - Analytics
Custom User Reports - Create Grants ability to create and edit Custom User reports. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. Reports - Analytics
Custom User Reports - View Grants ability to view results of Custom User reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. Reports - Analytics
Preview Custom Reports Grants ability to preview custom reports when creating and editing, before changes are saved. This permission works in conjunction with custom report create permissions. This permission cannot be constrained. Reports - Analytics
Report Delivery - Email Enables creators of custom reports to schedule delivery of the report to their email address. This permission works in conjunction with custom report - create permissions. Reports - Analytics
Report Delivery - FTP Enables creators of custom reports to schedule delivery of the report to an FTP directory. This permission works in conjunction with custom report - create permissions. Reports - Analytics
Reports Inside a Folder - Share Grants only users with this permission the ability to share all custom reports within a report folder in a single action. This permission can be constrained by User, OU, or User's OU. Note: You must also have permission to create the corresponding report type to share the report. Reports - Analytics
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Dashboard - Create Grants the ability to create a dashboard of one or more graphical standard reports and/or charts that can be saved and refreshed at-will to update the results on an ongoing basis. User must also have permission for at least one of the standard reports that are designated for use in dashboards, or for a Reporting 2.0 report with chart that has been published to Dashboards. If a user does not have permission to view a report type, the user cannot add that report type to the dashboard. Reports - Dashboards
Dashboard - Share Grants the ability to share a dashboard created by self with other users within the portal who may then view and refresh the results of the dashboard at-will. This permission works in conjunction with the Create Dashboard permission. Reports - Dashboards
Dashboard - View

Grants the ability to view dashboards created by self or shared by others. User must also have permission to view the standard, custom or Reporting 2.0 reports that are included in any shared dashboards. If a user does not have permission to view a report type, the user cannot view that report type within the dashboard. This is an end user permission.

 Reports - Dashboards
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Groups Criteria Report Grants access to the Group Criteria Report, which enables organizations to retrieve the criteria defined for one or more groups in their portal. This permission cannot be constrained. Reports - System
Login Report Grants access to the Login Report, which enables organizations to report on which users have logged in to the portal and when. This permission cannot be constrained. Reports - System
OU Audit Report Grants access to OU Audit report, which displays audit information for changes made to organizational units. This permission can be constrained by OU, User's OU, and User's Corporation. Reports - System
OU Hierarchy Report Grants access to OU Hierarchy Report, which displays details of each organizational unit for a selected OU type. Reports - System
Proxy as User Report Grants access to the Proxy as User Report, which enables organizations to report on which users have logged in to the portal and when. This permission cannot be constrained. Reports - System
Reporting 2.0 Delivery Log

Grants access to view the Reporting 2.0 Delivery Log, which displays user-level information about deliveries for your Reporting 2.0 Reports.

Reports - System
Reporting 2.0 Report Details

Grants access to view the Reporting 2.0 Report Details, which displays information about the Reporting 2.0 reports created and ran.

The Reporting 2.0 Report Details permission can be constrained by OU and User constraints. The constraints apply to the recipient user.

The Reporting 2.0 Report Details permission will be assigned to the Cornerstone Administrator and System Administrator roles by default.

 Reports - System
Security Role Report Grants access to view the User Roles, Permission and Constraints Report, which displays user level information about roles, permissions and constraints. This permission cannot be constrained. Reports - System
Security Role - Audit Report Grants access to the Security Role - Audit Report, which enables organizations to report on which users have been assigned to which security roles and the security role modification history. This permission cannot be constrained. Reports - System
Security Role - User Permission Report Grants access to the Security Role - User Permission Report, which enables organizations to report on the roles assigned to a user and the permissions and constraints associated with those roles. This permission cannot be constrained. Reports - System
User Audit Report - Detailed Grants access to the User Audit standard report, which displays detailed changes to user data. Users with this permission must also have permission to view user fields in other areas of the system. The users and fields available in this report are controlled by additional permissions. This permission can be constrained by OU, User's OU, User's Subordinates, User's Direct Subordinates, User's Self, User Self and Subordinates, User, and Employee Relationship. The constraints on this permission limit the users and OUs that are available when running the report. This is an administrator permission. Reports - System
User Record as of a Date Grants access to run the User Record as of a Date report, which displays user data as of a specified effective date. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. The constraints on this permission limit the users and OUs that are available when running the report. Also, the constraints are based on the data as of the effective date of the report. This is an administrator permission. Reports - System
User Record Audit Report Grants access to User Record Audit report, which displays user record modification history. The selected constraints function independently and are then combined to determine the availability for this report. Reports - System
User's OUs and Groups Report Grants access to User's OUs & Groups Report, which lists all of the OUs and Groups to which a user belongs, and can include OUs and Groups to which a user has belonged in the past. Reports - System
PERMISSION NAME PERMISSION DESCRIPTION CATEGORY
Employee Transcripts - Manager/Approver Access

Grants access to transcript (training record) screen of those for whom user is designated manager, approver or cost center approver. System administrators can access all user transcripts from this page. Link to this screen appears under Standard Reports/Track Employees. This is a manager/approver permission. This permission can be constrained by Employee Relationship and User's Direct Subordinates.

Note: The Employee Relationship constraint allows administrators to constrain the permission to a user’s custom employee relationship. For example, an administrator can select to restrict the Matrix Manager relationship to viewing user data for users who have that Matrix Manager indicated on their user record.

Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint.

Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Reports - Track Employee
Form Management Status Report Grants access to Form Management Status report, which displays form task status summary by user. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Reports - Track Employee
ILT No Show Report - Manager Version Grants access to manager version of the ILT No Show Report, which displays attendance summaries and lists of subordinates who were registered for but did not attend any parts of instructor led training sessions. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Reports - Track Employee
ILT Session Withdrawal Report - Manager Version

Grants access to Session Withdrawal report for subordinates of the user. The report displays subordinates who registered and later withdrew their registration, including reasons for withdrawal. This is a manager report. This permission can be constrained by Employee Relationship and User's Direct Subordinates.

Note: The Employee Relationship constraint allows administrators to constrain the permission to a user’s custom employee relationship. For example, an administrator can select to restrict the Matrix Manager relationship to viewing user data for users who have that Matrix Manager indicated on their user record.

Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint.

Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Reports - Track Employee
Past Training Requests Report

Grants access to Past Requests, an interactive report that displays training requests the user has already approved, deferred, or denied. The user may change the approval decision for training that an employee has not yet registered for. This is an approver permission.

Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Reports - Track Employee
Track Employees - Employee Records

Grants access to Employee Records, enabling manager to view basic user and transcript data for a single direct or indirect report. This is a manager permission. This permission can be constrained by User's Direct Subordinates.

Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint.

Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Reports - Track Employee
Track Employees - Past Due Report Grants access to Employee Past Due report, which displays past due training for subordinate employees (system administrators see all employees). This is a manager report. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Reports - Track Employee
Track Employees - Training Progress Pie Chart

Grants access to Employee Training Progress Summary Report, a pie chart report that displays transcript status on a single learning object for a manager's direct reports. This is a manager permission. This permission can be constrained by Employee Relationship and User's Direct Subordinates.

Note: The Employee Relationship constraint allows administrators to constrain the permission to a user’s custom employee relationship. For example, an administrator can select to restrict the Matrix Manager relationship to viewing user data for users who have that Matrix Manager indicated on their user record.

Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint.

Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Reports - Track Employee
Track Employees - Training Status Summary Report

Grants access to Employee Training Status Summary Report, which displays transcript status of all training for a manager's direct reports, and allows the manager to view the transcript details for any learning object listed on the report. This is a manager permission. This permission can be constrained by Employee Relationship and User's Direct Subordinates.

Note: The Employee Relationship constraint allows administrators to constrain the permission to a user’s custom employee relationship. For example, an administrator can select to restrict the Matrix Manager relationship to viewing user data for users who have that Matrix Manager indicated on their user record.

Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint.

Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role.

Reports - Track Employee

Additional Permissions

A full list of all permissions is also available. See Security Permissions.