Permissions for Cornerstone HR
This page contains permissions that may apply to organizations using the Cornerstone HR solution.
Benchmark Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| Benchmark Total Access | This permission provides total access to the Benchmark metrics and functionality. | Benchmark - Administration |
Core Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| Access FTP Account - View | Grants access to the FTP account landing page where the available accounts are displayed. Currently, this permission cannot be constrained. | Core Administration |
| Access Partner Authorization - Manage | Grants ability to manage partner authorized access to portal via Partner Access Administration. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Announcements - View | Grants ability to view announcements created by others, via the Welcome Page Inbox widget or the Announcements page. This is an end user permission. | Core |
| Available Languages - Modify | Grants access to choose what languages to which learning objects may be associated when users search for training. This is an administrator permission. | Core Administration |
| Badge & Point Preferences - Manage | Enables user to access and edit preferences on the Badge & Point Preferences page. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU and User's OU. This is an administrator permission. | Core Administration. |
| Batch Edit Users | Grants ability to modify user records in bulk. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Capabilities - Skills Profile - View | Grants ability to view an employee Skills Profile. Users who have this permission may view the Skills Profile for anyone in the organization. However, individual ratings have privacy settings that control visibility within the Skills Profile. This permission cannot be constrained. This is an end user permission. | Core Administration |
| Capability Library - Manage | Grants ability to create, edit, copy, delete, import, and approve capabilities via the Capability Library. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Capability Preferences - Manage | Grants ability to create and edit expertise levels and rating scales for capabilities via Capabilities Preferences. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Change User Passwords - Administrator | Grants ability to change the portal password of another user. This permission works in conjunction with the Users - View permission. This permission can be constrained by User's Corporation, OU, User's OU, User's Self and Subordinates, and User. This is an administrator permission. | Core Administration |
| Corporate Logo List - View | Grants access to select header logo from the corporate list of images. User must also have Display Preference permission. This is an administrator permission. | Core Administration |
| Corporate Preferences - Manage | Grants ability to manage Corporate Preferences, which includes several portal-wide settings. This is an administrator permission. | Core Administration |
| Corporate Preferences: Lockout Preferences - Manage | Grants ability to configure the Lockout Preferences on the Corporate Preferences page. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Custom Login Page - Manage | Grants access to create and edit custom login pages for the portal. Administrators with this permission can also enable or disable a custom login page and identify the default login page. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Custom Pages - Manage | Grants access to create and edit custom pages for the portal. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Deep Link: Base URL Control | Allows administrator to define the Base URL for all SSO module links. This is an administrator permission. | Core Administration |
| Deep Link: Manage | Allows administrator to define the Base URL for all SSO module links. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Deep Link: View Modules | Allows administrator to view the deep links URLs. This is an administrator permission. | Core Administration |
| Define Fiscal Year | Grants ability to set the fiscal year for aggregating annual training hours completed by users for display on the transcript page. This is an administrator permission. | Core Administration |
| Display Preferences - Manage | Grants ability to configure Display Preferences, including Navigation Tab theme and settings and header logo displayed to end users. This is an administrator permission. | Core Administration |
| Display Preferences - Upload Logo | Grants access to upload an image on the Display Preference Page. User must also have Display Preference permission. This is an administrator permission. | Core Administration |
| Duplicate User Management Preferences - Manage | Grants ability to access and configure management of duplicate records, including parameters used to prevent duplicates. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Email Preferences - Manage | Grants ability to manage Email Preferences, which includes defining end users' ability to change their email address and the associated email notifications when emails are changed. This is an administrator permission. | Core Administration |
| Employee Recognition Preferences - Manage | Grants ability to create and edit employee recognition awards for use by end users. This is an administrator permission. | Core Administration |
| Global Email Administration - Manage | Grants ability to manage email trigger templates across all active modules in the portal. Enables creating, editing and deleting email message templates for various system actions and workflows. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. This is an administrator permission. | Core Administration |
| Global Email Administration - View | Grants view only access to email templates/triggers and email logs at the global level for the portal. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. This is an administrator permission. | Core Administration |
| Global Search Preferences - Manage | Grants ability to configure Global Search Preferences. This is an administrator permission. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU and User's OU. By default, this permission is constrained to the organization. | Core Administration |
| Grant Employee Recognition | Enables users to grant recognition awards to others, using a predefined list of awards created by administrators. This is an end user permission. | Core |
| Help Link - Manager | Provides access to view the User and Manager topics in online help. This is a manager permission. | Core |
| Help Link - System Administrator | Provides access to view the User, Manager and System Administrator topics in online help. This is an administrator permission. | Core |
| Help Link - User | Provides access to view the End User topics in online help. This is an end user permission. | Core |
| Insights Dashboard | Allows user to access Insights Dashboard. This permission cannot be constrained. | Core |
| Language Preferences - Manage | Grants ability to set default language for portal/OU and set whether end users may adjust their own portal display language. This is an administrator permission. | Core Administration |
| Log In Message - Manage | Grants access to create a message that appears upon portal login to all users or a selected group/subset of users. This is an administrator permission. This permission can be constrained by OU and User's OU. | Core Administration |
| Marketing Emails - Manage | Grants ability to create and send ad hoc emails to populations of users based on their assigned org units, groups, or by user name. This is an administrator permission. | Core Administration |
| My Account Devices - Manage | Manage device registrations from My Account. This permission cannot be constrained. This is an end user permission. | Core |
| My Account Social - Manage | Grants ability to view and manage third party profile connections on the Social page in My Account. This is an end user permission. | Core |
| MyTeam Comments - Manage | Grants ability for manager (or others depending on constraints) to view Comments previously entered about their direct and indirect reports and also create new comments as well as attach files to comments. This permission can be constrained by OU, User's OU, User's Direct Reports, User, and User Self and Subordinates. The permission constraints determine for which users the Comments tab is available when viewing a user in My Team. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. Note: If the user's permission is also constrained by User Self and Subordinates, then this overrides the User's Direct Reports constraint. | Core |
| MyTeam Search by OU | Grants ability to allow users to search by division and position when viewing MyTeam. The constraints upon this permission determine the OUs that are available within the search. Note: By design, for any My Team permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. | Core |
| My Team/Talent Profile Preferences | Grants ability to set display preferences for the My Team and Talent Profile screens. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Navigation Tabs and Links - Manage | Grants ability to manage Navigation Tabs and Links for the portal. This permission can be constrained by OU, User's OU, and User's Corporation. This is an administrator permission. | Core Administration |
| Organizational Unit Custom Fields - Manage | Grant Access to create and edit custom fields for Org Units. This is an administrator permission. | Core Administration |
| Org Chart - Preferences |
Grants access to the Org Chart Preferences page. This permission cannot be constrained. |
Core |
| Org Chart by Organization - View |
Grants access to the Organization tab on the new Org Chart page. This permission cannot be constrained. This permission works in conjunction with the Org Chart - View permission. For users who do not have this permission, the Organization tab will not be available. Note: This permission pertains to the new Org Chart functionality that is released with the February '17 release. The new Org Chart functionality is only available for organizations with Cornerstone HR, Succession, or View. |
Core |
| OU Group - Update | Grants access to edit existing custom groups of users. This permission can be constrained by OU, User's OU, and Provider. This is an administrator permission. | Core Administration |
| OU Group - View | Grants access to view existing custom groups. This permission can be constrained by OU. This is an administrator permission. | Core Administration |
| OU Hierarchy - Manage | Grants ability to create and update/edit organizational units. This permission grants access to all OU types, both standard and custom. This permission can be constrained by OU and User's OU. This is an administrator permission. | Core Administration |
| Password Preferences - Manage | Grants ability to manage Password Preferences, which includes specifying the settings for users to change their own password, or for the system to generate an anonymous password, set the specific password requirements and allowing users to reset password by answering security questions. This permission can be constrained by OU and User's OU. This is an administrator permission. | Core Administration |
| Prevent Duplicate Users - Reconcile | Grants ability to view user accounts that have been identified as potential duplicates. Administrators can only view pending user records that were created by administrators who are within the constraints on this permission. This permission can be constrained by OU and User's OU. This is an administrator permission. | Core Administration |
| Report Delivery Preferences | Provides access to report delivery preferences, which enables administrators to set the preferences related to custom report delivery. This permission can be constrained by OU and User's OU. This is an administrator permission. | Core Administration |
| Reset Password and Public Keys - Manage | Grants ability to manage FTP account login password and public keys when applicable. Currently, this permission cannot be constrained. | Core Administration |
| Security Administration - General Constraints | Grants access to apply general constraints to permissions when creating/editing a security role. This permission works in conjunction with the Security Administration - Manager permission. This is an administrator permission. | Core Administration |
| Security Administration - Manage | Grants ability to create, modify and constrain security roles within the portal, and assign users to those security roles. This permission can be constrained by OU, User's OU, User, and User Self and Subordinates. This is an administrator permission. | Core Administration |
| Self-Registration and User Record Custom Fields - Manage | Grants access to manage custom fields for user Self Registration and the user record in Custom Field Administration. This permission can be constrained by OU and User's OU. This is an administrator permission. | Core Administration |
| Share Manager/Approver Permissions | Enables managers and approvers to delegate certain types of approvals and MyTeam viewing permissions to others. This permission is only relevant to managers and approvers. | Core |
| Single Sign On - CSOD Certificate | Grants ability to view, manage, and upgrade SSO certificates and configurations. This is an administrator permission. This permission cannot be constrained. | Core Administration |
| SSO Link to Cornerstone Success Center | Grants access to an in-portal link to the Cornerstone Success Center sign in page. This is an administrator permission that should be limited to authorized client users of the Cornerstone Success Center. | Core Administration |
| Support Information - Manage | Grants ability to manage Support Information, which includes specifying an email address and phone number for end users to contact for portal support. This permission works in conjunction with the Corporate Preferences permission. This is an administrator permission. | Core Administration |
| Task - View | Grants ability to view assigned tasks via Scheduled Tasks screen and Welcome Page My Tasks widget. This is an end user permission. | Core |
| Time Zone Preferences - Manage | Grants ability to set default time zone for portal/OU and set whether end users may adjust their own portal time zone. This is an administrator permission. | Core Administration |
| Training Data Merge - View | Grants ability to view past training record merges. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU, User's OU, User Self and Subordinates, and Users. Which records are displayed in the History section is dependent on creator constraints. This is an administrator permission. | Core Administration |
| Universal Profile - User Record - Create Users | Grants ability to access the User Record Administration page and to create new users in the system. When creating a new user, this permission grants the ability to add general information, which includes first name, last name, username, assigned OUs, and custom relationships. The administrator must have additional permissions to add any additional fields. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. | Core Administration |
| Universal Profile - User Record - Edit Users | Grants ability to edit user records in the system. The administrator must have additional permissions to edit specific fields on the user record. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. Note: This permission DOES NOT grant the ability to view user records in the system. Administrators must have the Universal Profile - User Record - View Users permission in order to view user records. | Core Administration |
| Universal Profile - User Record - View Users | Grants ability to view user records in the system. Administrators can view the Modification History page for user records within their constraints. The administrator must have additional permissions to view specific fields on the user record. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. | Core Administration |
| User - Edit Absent Status on My Account Page | Allows user to change absent status on My Account page. This is an end user permission. | Core |
| User Preferences - Core Information: View | Grants ability to view the User Preferences administrator page. This permission does not allow administrators to modify the preferences. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| User Preferences - Leave Types: Manage | Grants ability to manage Leave Types on the User Preferences administrator page. Administrators must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| User Preferences - Reasons for Change: Manage |
Grants ability to define and configure Reasons for Change on the User Preferences administrator page, which may be used when modifying the user record. The administrator must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission is also required to view and set the Reason for Change field when editing a user record. This permission cannot be constrained. This is an administrator permission. |
Core Administration |
| User Preferences - Termination Reasons: Manage | Grants ability to manage Termination Reasons on the User Preferences administrator page. Administrators must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| User Preferences - User Statuses: Manage | Grants ability to manage User Statuses on the User Preferences administrator page. Administrators must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| User Preferences - User Types and Subtypes: Manage | Grants ability to manage User Types and Subtypes on the User Preferences administrator page. Administrators must also have the User Preferences - Core Information: View permission to access the User Preferences page. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| User Rating Templates - Manage |
Grants ability to manage feedback templates for capabilities. This permission cannot be constrained. This is an administrator permission. This permission only works when used in conjunction with the User Rating permission. |
Core Administration |
| User Ratings - View Ratings About Other Users | Grants ability to view ratings history and rating details about other people regardless of the visibility settings on the ratings. This permission does not bypass visibility ratings about yourself, which means users cannot use this permission to view ratings provided about themselves that are otherwise not visible to them. This permission is intended for an administrator or talent partner who needs broad access to all ratings occurring within the portal. This permission cannot be constrained. | Core Administration |
| User Ratings | For end users, this permission grants ability to perform ratings and view ratings. For administrators, this permission is required along with the specific user ratings administration permissions to edit rating scales or templates. This permission cannot be constrained. | Core Administration |
| User Record Custom Field Configurable Validations - Manage | Grants ability to manage the configurable validations for user record custom fields within Custom Field Administration. This permission cannot be constrained. This is an administrator permission. This permission is only available to organizations that are using Cornerstone HR. | Core Administration |
| User Upload Photo | Enables users to upload their photo to their user record, via the My Account screen. This is an end user permission. | Core |
| Users - Edit Bypass User Purging | Grants ability to set individual users to bypass user purging on the Edit Users page. This permission only works when used in conjunction with the Users - View and Users - Edit permissions. This permission cannot be constrained. This is an administrator permission. The availability of this permission is controlled by a backend setting. To enable this functionality, contact Global Customer Support. | Core Administration |
| Users - Edit Core Information |
Grants ability to add users and edit core information on a user record, including first name, last name, username, assigned OUs, and custom relationships. This permission works in conjunction with the Users - View and Users - View Core and Edit Custom Fields permissions. This permission cannot be constrained. This is an administrator permission. Note: When the User Record Redesign is enabled in a portal, this permission is disabled. Administrators who previously had this permission are automatically assigned the following permissions:
This permission is obsolete following the retirement of the legacy User Record in the May '17 release. |
Core Administration |
| Users – Edit Custom Field Information | Grants ability to view and edit the custom fields on a user record. Administrators are only able to edit a custom field on a user's user record if the user is within their permission constraints and the administrator is within the availability of the custom field. This permission works in conjunction with the Users - View permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. | Core Administration |
| Users – Edit General Information | Grants ability to edit the general fields on a user record, including first name, last name, username, assigned OUs, and custom relationships. This permission works in conjunction with the Users - View permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. | Core Administration |
| Users - Edit Local System ID | Enables administrator to modify the Local System ID for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View and Users - Edit permissions. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Users - Edit Middle Name | Grants ability to modify the middle name for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. | Core Administration |
| Users - Edit Personal Email Address |
Enables administrator to edit the Personal Email Address for a user via the admin/users screen. This permission cannot be constrained. This is an administrator permission. By default, this permission is included in the System Administrator security role and parent roles of System Administrator. |
Core Administration |
| Users - Edit Prefix | Grants ability to modify the prefix for a user's name via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. | Core Administration |
| Users - Edit Secure User Custom Fields - Unmasked | Grants the ability to edit secure user custom field info unmasked. This permission can be constrained by OU, Restrict to User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, Employee Relationship. This is an administrator permission. | Core Administration |
| Users - Manage Secure User Custom Fields | Grants the ability to manage the setting secure user custom fields. This permission can be restrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, Employee Relationship. This is an administrator permission. | Core Administration |
| Users - View Secure User Custom Fields - Masked | Grants the ability to view secure user custom field info masked. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, Employee Relationship. This is an administrator permission. | Core Administration |
| Users - Edit Sensitive Information: Unmasked | Grants ability to view and edit unmasked Sensitive Personally Identifiable Information (SPII) fields on the user record. Administrators with this permission have the option to view and edit the actual data on the user record. This permission can be constrained by OU, User's OU, User's Self, User's Subordinates, User's Direct Subordinates, User, and Employee Relationship. This is an administrator permission. | Core Administration |
| Users - Edit Signature | Grants ability to modify the signature font for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. | Core Administration |
| Users - Edit Suffix | Grants ability to modify the suffix for a user's name via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. | Core Administration |
| Users - Edit User ID | Enables administrator to modify the User ID for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Absent Status | Enables administrator to modify the Absent status for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Active Status | Enables administrator to modify the Active status for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Address | Enables administrator to modify the address for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Approver | Enables administrator to modify the specified Approver for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Email | Enables administrator to modify the Email Address for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Fax | Enables administrator to modify the Fax number for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Language | Enables administrator to modify the portal display language for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Last Hire Date | Enables administrator to modify the Last Hire Date for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Manager | Enables administrator to modify the assigned Manager for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Original Hire Date | Enables administrator to modify the Original Hire Date for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Phone | Enables administrator to modify the Phone number for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Photo | Enables administrator to upload a photo for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Reconciliation | Enables administrator to modify the Reconciliation status for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Required Approvals | Enables administrator to modify the number of required training approvals for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Time Zone | Enables administrator to modify the portal time zone for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Edit Users Type and Status | Enables administrator to view and modify the type and status information for a user via the User Record. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - Manage OU Based Regex | Grants access to manage OU-based Regex patterns for user custom fields. This permission cannot be restrained. This is an administrator permission. | Core Administration |
| Users - Unlock Accounts | Grants ability to unlock user accounts that are currently locked. This permission can be constrained by OU, User's OU, User's Subordinates, and User. This is an administrator permission. | Core Administration |
| Users - View Approver Search | Enables those who can search for and view users via the Admin/User screen to search by users' assigned approver. This permission only works when assigned in conjunction with the Users - View permission. | Core Administration |
| Users - View Core and Edit Custom Fields |
Grants ability to view core information on a user record, including first name, last name, username, assigned OUs, custom relationships, and custom fields. This permission also includes the ability to edit any custom fields that are visible to the administrator. This permission works in conjunction with the Users - View permission. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. This is an administrator permission. Note: When the User Record Redesign is enabled in a portal, this permission is disabled. Administrators who previously had this permission are automatically assigned the following permissions:
This permission is obsolete following the retirement of the legacy User Record in the May '17 release. |
Core Administration |
| Users - View Criteria Search | Enables those who can search for and view users via the Admin/User screen to search by OU and Group criteria. This permission only works when assigned in conjunction with the Users - View permission. | Core Administration |
| Users – View Custom Field Information | Grants ability to view the custom fields on a user record. Administrators are only able to view a custom field on a user's user record if the user is within their permission constraints and the administrator is within the availability of the custom field. This permission works in conjunction with the Users - View permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. | Core Administration |
| Users – View General Information | Grants ability to view the general fields on a user record, including first name, last name, username, assigned OUs, and custom relationships. This permission works in conjunction with the Universal Profile - User Record - View Users permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission. | Core Administration |
| Users - View Local System ID | Enables administrator to view the Local System ID for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View and Users - Edit permissions. This permission cannot be constrained. This is an administrator permission. | Core Administration |
| Users - View Manager Search | Enables those who can search for and view users via the Admin/User screen to search by users' assigned manager. This permission only works when assigned in conjunction with the Users - View permission. | Core Administration |
| Users - View Middle Name | Grants ability to view the middle name for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users and Users - View General Information permissions. This is an administrator permission. | Core Administration |
| Users - View Mobile Phone | Grants ability to view the Mobile Phone number for a user via the Admin/Users screen. The availability of this permission is controlled by a backend setting. This permission only works when used in conjunction with the Users - View permission. | Core Administration |
| Users - View Modification Details | Grants ability to view the Modification Details on the User Record and view User Audits fields when creating a User custom report. This permission only works when used in conjunction with the Users - View permission. This is an administrator permission. | Core Administration |
| Users - View Personal Email Address | Enables administrator to view the Personal Email Address for a user via the admin/users screen. This permission cannot be constrained. This is an administrator permission. By default, this permission is included in the System Administrator security role and parent roles of System Administrator. | Core Administration |
| Users - View Prefix | Grants ability to view the prefix for a user's name via the Admin/User screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users and Users - View General Information permissions. This is an administrator permission. | Core Administration |
| Users - View Sensitive Information: Masked | Grants ability to view masked Sensitive Personally Identifiable Information (SPII) fields on the user record. Administrators with this permission cannot view the actual data. This permission can be constrained by OU, User's OU, User's Self, User's Subordinates, User's Direct Subordinates, User, and Employee Relationship. This is an administrator permission. | Core Administration |
| Users - View Sensitive Information: Unmasked | Grants ability to view unmasked Sensitive Personally Identifiable Information (SPII) fields on the user record. Administrators with this permission have the option to view the actual data on the user record. This permission can be constrained by OU, User's OU, User's Self, User's Subordinates, User's Direct Subordinates, User, and Employee Relationship. This is an administrator permission. | Core Administration |
| Users - View Signature | Grants ability to view the signature font for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. This is an administrator permission. | Core Administration |
| Users - View Suffix | Grants ability to view the suffix for a user's name via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View User ID | Enables administrator to view the User ID for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Absent Status | Enables administrator to view the Absent status for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Active Status | Enables administrator to view the Active status for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Address | Enables administrator to view the address for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Approver | Enables administrator to view the specified Approver for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Email | Enables administrator to view the Email Address for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Fax | Enables administrator to view the Fax number for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Language | Enables administrator to view the portal display language for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Last Hire Date | Enables administrator to view the Last Hire Date for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Manager | Enables administrator to view the assigned Manager for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Original Hire Date | Enables administrator to view the Original Hire Date for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Phone | Enables administrator to view the Phone number for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Photo | Enables administrator to view a photo for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Reconciliation | Enables administrator to view the Reconciliation status for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Required Approvals | Enables administrator to view the number of required training approvals for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Time Zone | Enables administrator to view the portal time zone for a user via the Admin/Users screen. This permission only works when used in conjunction with the Universal Profile - User Record - View Users permission. | Core Administration |
| Users - View Users Type and Status | Grants ability to view user type and status information on the User Record. This permission cannot be constrained. This permission only works when used in conjunction with the Users - View and Users - Edit permissions. | Core Administration |
| Users - View | Grants ability to search for and view summary information about users in the portal via the Admin/Users screen. This permission can be constrained by OU, User's OU, User Self and Subordinates, and Users. If multiple constraints are added, these constraints are considered OR statements. This is an administrator permission. | Core Administration |
| Welcome Page - View | Grants access to view Welcome Page. This permission cannot be constrained. This is an end user permission. | Core |
| Work Force Planning - Administrator | Grants access to the Headcount Planning page. Users with this permission can also create new headcount plans for any part of the organization, as well as create subplans that have been assigned to them. Administrators can only view plans that they have created or to which they were assigned as a Co-Planner or Primary Planner. This is an administrator permission. | Core Administration |
| Work Force Planning - Cost Model Manager |
Allows user to upload and manage costing files and exchange rates for Planning. |
Core Administration |
| Work Force Planning - Owner | Grants owner-level access to plans. Users with this permission can view their assigned plans and can create plans. This permission cannot be constrained. | Core Administration |
| Work Force Planning - Subplanner | Grants the ability to complete subplans that have been assigned to the user as a Primary Planner or a Co-Planner. Users with this permission cannot create new headcount plans or view all plans. Within the plans assigned to them, users can assign subplans to their direct reports. | Core Administration |
Forms Management and Administration Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| Form Proxy Completion - Manage | Allows administrator to configure the Proxy Availability settings for a form. These settings determine which users can complete the form on behalf of other users and for which users they can complete the form. This permission can be constrained by OU, User's OU, User, and Employee Relationship. This is an administrator permission. | Forms Administration |
| Form Task Administration - Manage | Grants access to the Form Task Administration functionality. This permission can be constrained by OU and User's OU. This is an administrator permission. | Forms Administration |
| Question Bank - Manage | Grants access to the Question Bank functionality. This permission can be constrained by OU and User's OU. This is an administrator permission. | Forms Management Administration |
Universal Profile Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| Action Items - Forms | Grants ability to view Form actions via the Universal Profile - Actions page or the Welcome/Custom page Actions widget. This permission cannot be constrained. | Universal Profile |
| Action Items - View | Grants ability to view action items on the Action Items page and in the Your Action Items widget. Users without this permission cannot access the Action Items page. This permission can be constrained by Employee Relationship, OU, User's OU, User's Self and Subordinates, and User's Self. This is an end user permission. | Universal Profile |
| Bio About Preferences - Manage | Enables administrator to access and edit the Bio About Preferences page. The availability of this permission is controlled by a backend setting. This permission can be constrained by OU and User's OU. This is an administrator permission. | Universal Profile |
| Bio Career Preferences - View | Grants ability to view the Bio - Career Preferences page for users within the permission constraints. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User's Direct Reports, User's Self, and User. | Universal Profile |
| Documents - Delete | Enables user to delete a file that has been uploaded to the Snapshot - Documents page. The constraints on this permission determine which documents the user can delete. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, Self and Direct Reports, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports. | Universal Profile |
| Feedback - View and Post | Enables user to view the Feedback page of the Universal Profile and to post feedback. Users can only view the Feedback page for users within their permission constraints. Similarly, users can only post feedback for users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Self, and Employee Relationship. This is an end user permission. | Universal Profile |
| Feedback Details - View | Enables user to view the Feedback Details page and provide feedback when they are requested to provide feedback. This permission cannot be constrained. This is an end user permission. | Universal Profile |
| Feedback Preferences - Manage | Enables administrator to access and edit the Feedback Preferences page. From this page, administrators can configure which options are available when users are requesting and providing feedback within the Universal Profile: Feedback page. This permission can be constrained by OU and User's OU. This is an administrator permission. | Universal Profile |
| Feedback - Request for other users | Enables user to request feedback on behalf of other users from their Feedback page. This permission can be constrained by User's Subordinates, Direct Reports, and Custom Relationship. | Universal Profile |
| Snapshot - Badges | Enables user to view the Badges widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission works in conjunction with the Snapshot Main - View permission. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Any user with this permission will always be able to view their own Badges widget when the widget is enabled. Best Practice: For most users, this permission should be constrained by User Self and Subordinates.
With the Aug '17 release, this permission also allows end users to view the Badges field on the Learner Home page. |
Universal Profile |
| Snapshot - Competencies | Enables user to view the Competencies widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. | Universal Profile |
| Snapshot - Development Plans |
Enables user to view the Development Plans widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. |
Universal Profile |
| Snapshot - Goals |
Enables user to view the Goals widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission also enables the user to view the My Goals page for users within their permission constraints via the View All Goals option in various pages in Universal Profile. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. |
Universal Profile |
| Snapshot - Leaderboard | Enables user to view the Leaderboard widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission works in conjunction with the Snapshot Main - View permission. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Any user with this permission will always be able to view their own Leaderboard widget when the widget is enabled. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. | Universal Profile |
| Snapshot - Peers | Grants ability to view the Peers widget within the Universal Profile - Snapshot page. This permission can be constrained by OU, User's OU, User's Self and Subordinates, User, User's Self, User's Subordinates, and User's Direct Reports. This is an end user permission. | Universal Profile |
| Snapshot - Reviews |
Enables user to view the Reviews widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, User's Direct Reports, and Employee Relationship. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. |
Universal Profile |
| Snapshot Documents - View | Grants ability to view the Documents widget and subpage within the Universal Profile - Snapshot page. This permission can be constrained by Employee Relationship, OU, User's OU, User's Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports. This is an end user permission. | Universal Profile |
| Snapshot Folder Preferences - Manage | Enables administrator to view the Folder Preferences Admin page and manage folder creation, access, and deletion for the Documents page within Universal Profile: Snapshot. This permission cannot be constrained. This is an administrator permission. | Universal Profile |
| Snapshot Main - View | Enables user to view the Snapshot page for users within their permission constraints. This permission can be constrained by Employee Relationship, OU, User's OU, User Self and Subordinates, User, User's Self, User's Manager, User's Superiors, User's Subordinates, and User's Direct Reports. Best Practice: For most users, this permission should be constrained by User Self and Subordinates. | Universal Profile |
| Snapshot Preferences – Manage | Enables administrator to access and edit the Snapshot Preferences page. This permission can be constrained by Employee Relationship, OU, and User's OU. This is an administrator permission. | Universal Profile |
| Snapshot Succession – Manage | Enables user to view the Succession widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. On this page, users can view and manage successors and successor ratings. Users cannot view their own Succession widget and subpage, regardless of permissions. This permission can be constrained by OU, User's Subordinates, User's Direct Subordinates, and Employee Relationship. | Universal Profile |
| Snapshot Succession - View | Enables user to view the Succession widget and subpage within the Universal Profile - Snapshot page for users within their permission constraints. On this page, users can view successors and successor ratings. Users cannot view their own Succession widget and subpage, regardless of permissions. This permission can be constrained by OU, User's Subordinates, User's Direct Subordinates, and Employee Relationship. For most users, this permission should be constrained by User Self and Subordinates. | Universal Profile |
| Universal Profile Preferences - Manage | Enables administrator to access and edit the Universal Profile General Preferences page. This permission can be constrained by OU and User's OU. This is an administrator permission. | Universal Profile |
View Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| View Data: Preferences | Grants access View Data Preferences. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, User's Subordinates, User's Direct Subordinates, and User's Corporation. | View |
| View Data: View | Grants access to View Data. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, User's Subordinates, User's Direct Subordinates, and User's Corporation. | View |
| View People Preferences Page | Grants access to the View People Preferences page, which allows administrators to configure the View People page according to their needs per organizational unit (OU). This permission can be constrained by OU, User's OU, User, User Self and Subordinates, and User's Subordinates. | View |
| View People: Share | Grants access to open View People to view shared lists. Can dynamically grant access to users to only view the lists that have been shared with the user. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, User's Direct Reports, and User's Subordinates. | View |
| View People: View | Grants access to open View People to see results and share lists. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, and User's Subordinates. | View |
Edge and Data Load Permissions
Data Load Wizard Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| Data Load Wizard - Compensation | Enables administrator to load compensation data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Data Load Queue | Enables administrator to access the Data Load Queue screen, which displays all data loads, including current and past loads. Constraints can be applied to this permission. However, these constraints do not impact which data loads are visible to the administrator. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Events | Enables administrator to load event data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Feed Configuration: Compensation – Create | Enables administrator to access the Feed Summary page in order to create and edit compensation data feeds. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Feed Configuration: Compensation – Run Feed | Enables administrator to access the Feed Summary page in order to manually run a compensation data feed once it has been created. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Feed Configuration: Compensation - Save | Enables administrator to access the Feed Summary page in order to view and edit compensation data feeds. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Group Data Load | Enables administrator to load group data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This permission cannot be constrained. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Learning | Enables administrator to load learning data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Load Transcripts | Enables administrator to load transcript data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Manage Templates | Enables administrator to access the Manage Templates page within the Data Load Wizard. From the Manage Templates page, administrators can view, download, and archive templates. This permission cannot be constrained. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - OUs | Enables administrator to load OUs. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Resume | Enables administrator to load resume data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Set User Password | Enables administrator to set a default password for new users when loading users. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Track Data Loads | Enables administrator to access the Track Data Loads page within the Data Load Wizard. From the Track Data Loads page, administrators can print and download error and archive logs. This permission cannot be constrained. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Translator | Enables administrator to load learning object (LO) translation data via the Data Load Wizard. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Users | Enables administrator to load users. This permission also enables administrators to track data loads and manage data load templates. This is an administrator permission. | Data Load Wizard |
| Data Load Wizard - Enable User GUID | Enables the GUID in the Data Load Wizard User Load and mapping template. This enables organizations to include the GUID as the primary key for user data loads. This permission cannot be constrained. | Data Load Wizard |
Edge Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| Access Edge Bulk API History | Grants access to the Bulk API History page, which displays all the loads that have been performed using the Bulk API. Administrators can select a load to view additional details of the load, including the results. This permission cannot be constrained. This is an administrator permission. | Edge |
| Access Edge Bulk API |
Grants ability to access and utilize the Bulk API. This permission cannot be constrained. This is an administrator permission. This permission is only available when the Bulk API is enabled via Edge Marketplace. |
Edge |
| Bulk API - Cost Center OU |
Grants ability to use the Bulk API to load cost center organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission. This permission is only available when the Bulk API is enabled via Edge Marketplace. |
Edge |
| Bulk API - Custom OU |
Grants ability to use the Bulk API to load custom organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission. This permission is only available when the Bulk API is enabled via Edge Marketplace. |
Edge |
| Bulk API - Division OU |
Grants ability to use the Bulk API to load division organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission. This permission is only available when the Bulk API is enabled via Edge Marketplace. |
Edge |
| Bulk API - Employee |
Grants ability to use the Bulk API to load employee data. This permission cannot be constrained. This is an administrator permission. This permission is only available when the Bulk API is enabled via Edge Marketplace. |
Edge |
| Bulk API - Grade OU |
Grants ability to use the Bulk API to load grade organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission. This permission is only available when the Bulk API is enabled via Edge Marketplace. |
Edge |
| Bulk API - Legal Entity OU |
Grants ability to use the Bulk API to load legal entity organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission. This permission is only available when the Bulk API is enabled via Edge Marketplace. |
Edge |
| Bulk API - Location OU |
Grants ability to use the Bulk API to load location organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission. This permission is only available when the Bulk API is enabled via Edge Marketplace. |
Edge |
| Bulk API - Position OU |
Grants ability to use the Bulk API to load position organizational unit (OU) data. This permission cannot be constrained. This is an administrator permission. This permission is only available when the Bulk API is enabled via Edge Marketplace. |
Edge |
| Edge APIs - Manage | Grants ability to manage Edge APIs on the API Management page. | Edge |
| Edge Develop - API Explorer | Grants access to the API Explorer, which provides access to help documentation for various API applications. | Edge |
| Edge Integrations - Manage | Grants access to the Integrations service for Edge Integrate where the administrator can configure, enable, and disable their third-party integrations that are used within the Cornerstone system. This permission cannot be constrained. This is an administrator permission. | Edge |
Edge Import Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| Access CHR - Employee Load | Grants access to the Cornerstone HR (CHR) employee data load via Edge Import. This permission and data load type are only available to organizations using CHR. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access Edge Import | Grants access to the Edge Import tool, which enables administrators to load data into their portal. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access Edge Import Workflow - Cost Center | Grants access to the Cost Center OU data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access Edge Import Workflow - Custom OU | Grants access to the Custom OU data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access Edge Import Workflow - Division | Grants access to the Division OU data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access Edge Import Workflow - Grade | Grants access to the Grade OU data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access Edge Import Workflow - Legal Entity | Grants access to the Legal Entity OU data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access Edge Import Workflow - Location | Grants access to the Location OU data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access Edge Import Workflow - Position | Grants access to the Position OU data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Curriculum Transcripts Load | Grants access to the Curriculum Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Events Load | Grants access to the Events data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - External Training Load | Grants access to the External Training data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Facilities Load | Grants access to the Facilities data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - ILT Instructors Load | Grants access to the ILT Instructors data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - ILT Transcripts Load | Grants access to the ILT Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Material Transcripts Load | Grants access to the Material Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Online Course Assets Load | Grants access to the Online Course Assets data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Online Course Metadata Load. | Grants access to the Online Course Metadata data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Online Transcripts Load | Grants access to the Online Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Providers Load | Grants access to the Providers data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Question Category Load | Grants access to the Question Category data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Question Load | Grants access to the Question data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Session Parts Load | Grants access to the Session Parts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Sessions Load | Grants access to the Sessions data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Subjects Load | Grants access to the Subjects data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Test Mapping Load | Grants access to the Test Mapping data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Test Transcripts Load | Grants access to the Test Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Tests Load | Grants access to the Tests data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Video Transcripts Load | Grants access to the Video Transcripts data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Access LMS - Videos Load | Grants access to the Videos data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Create/Update Configurations | Grants ability to create and update Edge Import configurations. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Delete Configurations | Grants ability to delete Edge Import configurations. Users with this permission can delete configurations created by anyone for all types of data imports. This permission cannot be constrained. This is an administrator permission. | Edge Import |
| Edge Import - Load Employee Salary | Grants access to the employee salary data load via Edge Import. This permission cannot be constrained. This is an administrator permission. | Edge Import |
Reporting Permissions
Reporting 2.0 Permissions
The Reporting 2.0 functionality is controlled by a series of permissions that allow you to create more specific reports by report field. For this reason, permissions are at more of a granular level with this functionality.
The permissions are broken down by the main product level permission, section level, and then at the field level. For example, if you wanted to report on Instructor Led Training (ILT) in the system, you would need:
- The Reporting - Manage permission to create reports.
- The Reporting - View permission to preview reports and view reports.
- The top-level product specific permission to create reports related to that product.
- e.g. Reporting - Learning - Manage
- The section specific permission to create reports for that feature within the product.
- e.g. Reporting - Learning - ILT - Manage
- The field level permissions to be able to create reports with the specific fields for that feature within the product.
- e.g. Reporting - Learning - ILT - ILT Facility - Manage
If a user does not have each level of permission, then they may not have access to the report builder, or the section may not be visible, or the fields within the section may not be visible. Also, if a user does not have the top-level product permission, then none of the fields for that product will be visible, such as the fields for LMS reports.
The power of this granularity of permissions is that you can give access to as many or as few fields as necessary for your users. For example, you may give users access to the User section but not give them access to the User Identifier section if that contains sensitive data for your portal.
If a user has all relevant permissions, but the corpsetting for a particular area is set to FALSE, any fields related to that section will still appear blank in a report. An example where this could occur is SCORM 2004 quiz data.
Note: When a user has a top-level, section, or field level permission, it is not necessary to also assign the or permissions since the more granular product specific permissions will give the user access to Reporting 2.0.
Note: Due to sensitivity, users who need to report on Gender, Ethnicity and Grade information, would need the following permissions in addition to the reporting permissions:
- For Gender: User Upload - Gender
- For Ethnicity: User Upload - Ethnicity
- For Grades: View Grades
List of Permissions
For the full list of permissions and their relationships, see the permissions spreadsheet in Online Help.
Apply Owner Constraints Permission
The permission grants the ability to turn on the Apply Owner Constraints setting for reports in the Report Properties panel. This setting affects shared users, delivery, and reports published to dashboards.
When the setting is enabled, the report owner's constraints are applied to the report, and users that run the report will see the report with the report owner's constraints instead of their own. For reports published to dashboards the owner constraints are only applied if the underlying report is also shared with the user. If just the dashboard is shared, but not the report itself, the users own constraints are applied even though the toggle is set to apply owner constraints.
Due to the possibility of unintended user data becoming visible to a user viewing a report with the report owner's constraints, it is recommended that filters be added to the report to restrict data visibility. It is also recommended that the report owner test the report prior to sharing to ensure the data visibility is appropriate and intended.
Download Permission
The permission grants users the ability to download Reporting 2.0 reports. This permission cannot be constrained; however, when users download a report, any Reporting - View constraints are applied. Users with the permission see the download option on the Report Home and the Report Viewer.
For clients that have already opted in and previously activated Reporting 2.0, this new permission is added automatically to the System Administrator role and to any security role that currently has at least one Reporting - View permission.
For clients that are opting in and activating Reporting 2.0 for the first time with the August ’18 Release, this new permission is available to administrators in the System Administrator role who can then add the permission to other roles at their discretion. Users without this permission will not see any download options in the Report Home or the while Viewing Reporting 2.0 reports.
Email Delivery Permission
The permission grants the ability to deliver reports in Reporting 2.0. Users must also have permission to view reports. The permission can be used in conjunction with the various product, section, and field level permissions. Users must have permission to view Reporting 2.0 in order to have access to a report that is delivered to them. If they do not have view access, then the Reporting 2.0 navigation sublink will not display for them.
Users who have permission to manage Reporting 2.0 can edit a report that is delivered to them. They can also copy the delivered report.
The following constraints are available for this permission:
- OU
- User’s OU
- User Self and Subordinates
- User
- User's Self
- User's Manager
- User's Superiors
- User’s Subordinates
- User’s Direct Subordinates
- Employee Relationship
Export Custom Report Details - View
This permission grants access to the Custom Reports Usage Report in Reporting 2.0. The report is available for administrators only.
The report can be accessed by clicking the button on the Reporting 2.0 homepage, and then clicking the Custom Reports Usage Report link in the Import Your Custom Reports flyout.
FTP Delivery Permission
The permission grants the ability to schedule delivery of Reporting 2.0 reports to an FTP directory. This permission cannot be constrained.
This permission is used in conjunction with the view permission for Reporting 2.0 and can also be used in conjunction with the various product, section, and field level permissions. Users must have permission to view Reporting 2.0 in order to have access to a report that is delivered to them. If they do not have view access, then the Reporting 2.0 navigation sublink will not display for them.
Users who have permission to manage Reporting 2.0 can edit a report that is delivered to them. They can also copy the delivered report.
Global Calculated Fields Permission
The permission grants the ability to publish calculated fields to all users. This permission cannot be constrained.
Note: Calculated fields can be created by all users who have permission to create reports in Reporting 2.0. However, in order to publish the calculated field globally, a user needs permission to manage global calculated fields.
Manage Custom Recruiting Integrations Permission
The permission grants access to build and manage reports in the Custom Integrations section. This permission cannot be constrained.
View Custom Recruiting Integrations Permission
The permission grants access to view the Custom Integrations section in reporting. This permission cannot be constrained.
Share Reports Permission
The option for sharing reports is only visible to users who have the Reporting - Share permission. Users without the permission can still receive shared reports, but constraints (for other permissions, such as Reporting - Core permissions) will be respected. For example, if you share a report that contains data around Location A and the user receiving the report is constrained to only see data for Location B, the report would not contain any records.
The following constraints are available for this permission:
- OU
- User’s OU
- User Self and Subordinates
- User’s Direct Report
- User
- User's Self
- User's Manager
- User's Superiors
- User’s Subordinates
- User’s Direct Subordinates
- Relationship
System Templates Permission
The permission grants users the ability to use all system templates. System templates are available for generating certain Learning, Core, and Performance data.
This permission works in conjunction with other Reporting 2.0 permissions. For example, users without the Reporting - Learning - View permission will not see any templates for Learning.
This permission is automatically added to the Cornerstone Administrator and System Administrator security roles in all portals that have self-enabled Reporting 2.0.
Sharing Reports Created with a System Template
When you share a report that was created using a template, the shared users will be able to view the report without needing to be granted the Reporting - System Templates permission. The permission is only needed for administrators who should distribute templates to their users.
Permission Constraints
Constraints exist at the section level for permissions. The following constraints are available:
Reports - Analytics (Custom Reports) Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| Calculated Fields - Modify | Grants ability to view, modify, create, and delete any calculated fields that have been created by themselves or public fields in Analytics. This permission cannot be constrained. This permission works in conjunction with other Custom Report - Create permissions. | Reports - Analytics |
| Calculated Fields - View | Grants ability to view any calculated fields that have been created by themselves or public fields in Analytics. This permission cannot be constrained. This permission works in conjunction with other Custom Report - Create permissions. | Reports - Analytics |
| Custom Certification Report - View | Grants ability to view results of Custom Certification reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, and User's Direct Subordinates. | Reports - Analytics |
| Custom Compensation Report - Create | Grants ability to create and edit custom Compensation reports. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Subordinates, and User's Direct Subordinates. | Reports - Analytics |
| Custom Compensation Report - View | Grants ability to view results of custom Compensation reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, User's Direct Subordinates, and User's Subordinates. | Reports - Analytics |
| Custom Competency Report - Create | Grants ability to create and edit custom Competency reports. This permission can be constrained by User Self and Subordinates, OU, User’s OU, User's Direct Subordinates, and User. | Reports - Analytics |
| Custom Competency Report - View | Grants ability to view results of custom Competency reports created by self or shared by others. This permission can be constrained by User Self and Subordinates, OU, User’s OU, User's Direct Subordinates, and User. | Reports - Analytics |
| Custom Connect Report - Create | Grants ability to create and edit custom Connect Communities reports. | Reports - Analytics |
| Custom Connect Report - View | Grants ability to view results of custom Connect reports created by self or shared by others. | Reports - Analytics |
| Custom Development Plan Report - Create | Grants ability to create and edit custom Development Plan reports. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, and User's Direct Subordinates. | Reports - Analytics |
| Custom Development Plan Report - View | Grants ability to view results of custom Development Plan reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, User, and User's Direct Subordinates. | Reports - Analytics |
| Custom Engage Response Report - Create | Grants ability to create and edit custom Engage reports. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, User's Direct Reports. | Reports - Analytics |
| Custom Engage Response Report - View | Grants ability to view results of custom Engage reports created by self or shared by others. This permission can be constrained by OU, User's OU, User, User Self and Subordinates, User's Direct Reports. | Reports - Analytics |
| Custom Evaluations Reports - Create | Grants ability to create and edit custom Evaluation reports (training evaluation levels 1, 2, and 3). This permission can be constrained by OU, User's OU, and User's Direct Subordinates. | Reports - Analytics |
| Custom Evaluations Reports - View | Grants ability to view results of custom Evaluation reports (training evaluation levels 1, 2, and 3) created by self or shared by others. This permission can be constrained by OU, User's OU, and User's Direct Subordinates. | Reports - Analytics |
| Custom Forms Report: Create |
Grants ability to create and edit custom Forms reports. This permission refers to creating custom reports for the Forms functionality. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Subordinates, and User. |
Reports - Analytics |
| Custom Forms Report: View |
Grants ability to view results of custom Forms reports created by self or shared by others. This permission refers to viewing custom reports for the Forms functionality. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Subordinates, and User. |
Reports - Analytics |
| Custom Job Pool Succession Report - Create | Grants ability to create and edit custom Job Pool Succession reports. This permission can be constrained by Position and User's Direct Subordinates. | Reports - Analytics |
| Custom Job Pool Succession Report - View | Grants ability to view results of custom Job Pool Succession reports created by self or shared by others. This permission can be constrained by Position and User's Direct Subordinates. | Reports - Analytics |
| Custom Goal Report - Create | Grants ability to create and edit custom Goals reports. This permission can be constrained by OU, User's OU, User's Direct Subordinates, and User Self and Subordinates. | Reports - Analytics |
| Custom Goal Report - View | Grants ability to view results of custom Goal reports created by self or shared by others. This permission can be constrained by OU, User's OU, User's Direct Subordinates, and User Self and Subordinates. | Reports - Analytics |
| Custom Multi-Module Report - Create | Grants ability to create and edit custom Multi-Module reports. This permission works in conjunction with other Custom Report - Create permissions. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Direct Subordinates, and User. | Reports - Analytics |
| Custom Multi-Module Report - View | Grants ability to view results of custom Multi-Module reports created by self. This permission works in conjunction with other Custom Report - View permissions. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Direct Subordinates, and User. | Reports - Analytics |
| Custom Observation Checklist Report - View | Grants ability to view Observation Checklist Reports in Analytics. This permission can be constrained by OU, User's OU, User, User's Self, User's Manager, User's Subordinates, User's Direct Reports, User's Superiors, User's Direct Subordinates, and User Self and Subordinates. | Reports - Analytics |
| Custom Talent Pool Report - Create | Grants ability to create and edit Custom Talent Pool Reports. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. | Reports - Analytics |
| Custom Talent Pool Report - View | Grants ability to view results of Custom Talent Pool Reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. | Reports - Analytics |
| Custom Training Form Management Reports - Create | Grants ability to create and edit custom Training Form Management reports. This permission can be constrained by OU, User's OU, and User's Direct Subordinates. | Reports - Analytics |
| Custom Training Form Management Reports - View | Grants ability to view custom Training Form Management reports. This permission can be constrained by OU, User's OU, and User's Direct Subordinates. | Reports - Analytics |
| Custom Training Forms - Curricula Report - Create | Grants ability to create and edit custom Training Forms - Curricula reports. | Reports - Analytics |
| Custom Training Forms - Curricula Report - View | Grants ability to view custom Training Forms - Curricula reports. | Reports - Analytics |
| Custom Performance Reports - Create | Grants ability to create and edit Custom Performance reports. This permission can be constrained by OU, User's OU, User's Self and Subordinates, User's Direct Subordinates, and User's Subordinates. | Reports - Analytics |
| Custom Performance Reports - View | Grants ability to view results of Custom Performance reports created by self or shared by others. This permission can be constrained by OU, User's OU, User's Self and Subordinates, User's Direct Subordinates, and User's Subordinates. | Reports - Analytics |
| Custom Performance Review Report - Create | Grants ability to create and edit custom Performance Review reports. This permission can be constrained by OU, User's OU, User's Self and Subordinates, User's Direct Subordinates, and User's Subordinates. | Reports - Analytics |
| Custom Performance Review Report - View | Grants ability to view results of custom Performance Review reports created by self or shared by others. This permission can be constrained by OU, User's OU, User's Self and Subordinates, User's Direct Subordinates, and User's Subordinates. | Reports - Analytics |
| Custom Recruiting Report - Access Historical Status Section | Grants ability to view and access fields from the Historical Status section of Custom Recruiting reports. This permission can be constrained by Division, Position, and Location. | Reports - Analytics |
| Custom Recruiting Report - Create | Grants ability to create and edit Custom Recruiting reports. This permission can be constrained by Division, Position, Location, and User's Direct Subordinates. | Reports - Analytics |
| Custom Recruiting Report - View | Grants ability to view results of Custom Recruiting reports created by self or shared by others. This permission can be constrained by Division, Position, Location, and User's Direct Subordinates. | Reports - Analytics |
| Custom Resume Report - Create | Grants ability to create and edit custom Resume reports. This permission can be constrained by OU, User's OU, User, User's Direct Subordinates, and User Self and Subordinates. | Reports - Analytics |
| Custom Resume Report - View | Grants ability to view results of custom Resume reports created by self or shared by others. This permission can be constrained by OU, User's OU, User, User's Direct Subordinates, and User Self and Subordinates. | Reports - Analytics |
| Custom Succession Report - View | Grants ability to view results of Custom Succession Management (SMP) Reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, User's Direct Subordinates, and User's Subordinates. | Reports - Analytics |
| Custom Test Reports - Create | Grants ability to create and edit custom Test reports (Test Engine data). This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. | Reports - Analytics |
| Custom Test Reports - View | Grants ability to view results of custom Test reports (Test Engine data) created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. | Reports - Analytics |
| Custom Training Plan Report - View | Grants ability to view results of training plan (Training Demand Forecast) custom reports created by self or shared by others. This permission can be constrained by OU, User's OU, User, User's Direct Subordinates, and User Self and Subordinates. | Reports - Analytics |
| Custom Training Reports - Create | Grants ability to create and edit Custom Training (Catalog) reports. This permission can be constrained by Provider. Note: When the constraint is set for the permission, users will only be able to view training data for the constrained providers. | Reports - Analytics |
| Custom Training Reports - View | Grants ability to view results of Custom Training (Catalog) reports created by self or shared by others. This permission can be constrained by Provider. Note: When the constraint is set for the permission, users will only be able to view training data for the constrained providers. | Reports - Analytics |
| Custom Training Unit Distributor Reports - View | Grants access to view the Training Unit Distributor Report in Analytics, which displays training unit information for distributed training units. This permission can be constrained by User, User's OU, and User Self and Subordinates. | Reports - Analytics |
| Custom Training Unit Key Code Reports - View | Grants access to view the Training Unit Key Code Report in Analytics, which displays training unit information for key codes. This permission can be constrained by OU, User’s OU, User Self and Subordinates, User, User’s Self, User’s Manager, User’s Superiors, User’s Subordinates, User’s Direct Reports. | Reports - Analytics |
| Custom Transaction Reports - Create | Grants ability to create and edit Custom Transaction (Billing) reports. | Reports - Analytics |
| Custom Transaction Reports - View | Grants ability to view results of Custom Transaction (Billing) reports created by self or shared by others. | Reports - Analytics |
| Custom Transcript Reports - Create | Grants ability to create and edit Custom Transcript (Training Record) reports. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. | Reports - Analytics |
| Custom Transcript Reports - View | Grants ability to view results of Custom Transcript (Training Record) reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. | Reports - Analytics |
| Custom User Reports - Create | Grants ability to create and edit Custom User reports. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. | Reports - Analytics |
| Custom User Reports - View | Grants ability to view results of Custom User reports created by self or shared by others. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User's Direct Subordinates. | Reports - Analytics |
| Preview Custom Reports | Grants ability to preview custom reports when creating and editing, before changes are saved. This permission works in conjunction with custom report create permissions. This permission cannot be constrained. | Reports - Analytics |
| Report Delivery - Email | Enables creators of custom reports to schedule delivery of the report to their email address. This permission works in conjunction with custom report - create permissions. | Reports - Analytics |
| Report Delivery - FTP | Enables creators of custom reports to schedule delivery of the report to an FTP directory. This permission works in conjunction with custom report - create permissions. | Reports - Analytics |
| Reports Inside a Folder - Share | Grants only users with this permission the ability to share all custom reports within a report folder in a single action. This permission can be constrained by User, OU, or User's OU. Note: You must also have permission to create the corresponding report type to share the report. | Reports - Analytics |
Reports - Dashboards Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| Dashboard - Create | Grants the ability to create a dashboard of one or more graphical standard reports and/or charts that can be saved and refreshed at-will to update the results on an ongoing basis. User must also have permission for at least one of the standard reports that are designated for use in dashboards, or for a Reporting 2.0 report with chart that has been published to Dashboards. If a user does not have permission to view a report type, the user cannot add that report type to the dashboard. | Reports - Dashboards |
| Dashboard - Share | Grants the ability to share a dashboard created by self with other users within the portal who may then view and refresh the results of the dashboard at-will. This permission works in conjunction with the Create Dashboard permission. | Reports - Dashboards |
| Dashboard - View |
Grants the ability to view dashboards created by self or shared by others. User must also have permission to view the standard, custom or Reporting 2.0 reports that are included in any shared dashboards. If a user does not have permission to view a report type, the user cannot view that report type within the dashboard. This is an end user permission. |
Reports - Dashboards |
Reports - System (Standard Reports) Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| OU Audit Report | Grants access to OU Audit report, which displays audit information for changes made to organizational units. This permission can be constrained by OU, User's OU, and User's Corporation. | Reports - System |
| OU Hierarchy Report | Grants access to OU Hierarchy Report, which displays details of each organizational unit for a selected OU type. | Reports - System |
| User Audit Report - Detailed | Grants access to the User Audit standard report, which displays detailed changes to user data. Users with this permission must also have permission to view user fields in other areas of the system. The users and fields available in this report are controlled by additional permissions. This permission can be constrained by OU, User's OU, User's Subordinates, User's Direct Subordinates, User's Self, User Self and Subordinates, User, and Employee Relationship. The constraints on this permission limit the users and OUs that are available when running the report. This is an administrator permission. | Reports - System |
| User Record as of a Date | Grants access to run the User Record as of a Date report, which displays user data as of a specified effective date. This permission can be constrained by OU, User's OU, User Self and Subordinates, and User. The constraints on this permission limit the users and OUs that are available when running the report. Also, the constraints are based on the data as of the effective date of the report. This is an administrator permission. | Reports - System |
| User Record Audit Report | Grants access to User Record Audit report, which displays user record modification history. The selected constraints function independently and are then combined to determine the availability for this report. | Reports - System |
| User's OUs and Groups Report | Grants access to User's OUs & Groups Report, which lists all of the OUs and Groups to which a user belongs, and can include OUs and Groups to which a user has belonged in the past. | Reports - System |
Reports - Track Employee (Standard Reports) Permissions
| PERMISSION NAME | PERMISSION DESCRIPTION | CATEGORY |
| Employee Transcripts - Manager/Approver Access |
Grants access to transcript (training record) screen of those for whom user is designated manager, approver or cost center approver. System administrators can access all user transcripts from this page. Link to this screen appears under Standard Reports/Track Employees. This is a manager/approver permission. This permission can be constrained by Employee Relationship and User's Direct Subordinates. Note: The Employee Relationship constraint allows administrators to constrain the permission to a user’s custom employee relationship. For example, an administrator can select to restrict the Matrix Manager relationship to viewing user data for users who have that Matrix Manager indicated on their user record. Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. |
Reports - Track Employee |
| Form Management Status Report | Grants access to Form Management Status report, which displays form task status summary by user. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. | Reports - Track Employee |
| ILT No Show Report - Manager Version | Grants access to manager version of the ILT No Show Report, which displays attendance summaries and lists of subordinates who were registered for but did not attend any parts of instructor led training sessions. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. | Reports - Track Employee |
| ILT Session Withdrawal Report - Manager Version |
Grants access to Session Withdrawal report for subordinates of the user. The report displays subordinates who registered and later withdrew their registration, including reasons for withdrawal. This is a manager report. This permission can be constrained by Employee Relationship and User's Direct Subordinates. Note: The Employee Relationship constraint allows administrators to constrain the permission to a user’s custom employee relationship. For example, an administrator can select to restrict the Matrix Manager relationship to viewing user data for users who have that Matrix Manager indicated on their user record. Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. |
Reports - Track Employee |
| Past Training Requests Report |
Grants access to Past Requests, an interactive report that displays training requests the user has already approved, deferred, or denied. The user may change the approval decision for training that an employee has not yet registered for. This is an approver permission. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. |
Reports - Track Employee |
| Track Employees - Employee Records |
Grants access to Employee Records, enabling manager to view basic user and transcript data for a single direct or indirect report. This is a manager permission. This permission can be constrained by User's Direct Subordinates. Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. |
Reports - Track Employee |
| Track Employees - Past Due Report | Grants access to Employee Past Due report, which displays past due training for subordinate employees (system administrators see all employees). This is a manager report. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. | Reports - Track Employee |
| Track Employees - Training Progress Pie Chart |
Grants access to Employee Training Progress Summary Report, a pie chart report that displays transcript status on a single learning object for a manager's direct reports. This is a manager permission. This permission can be constrained by Employee Relationship and User's Direct Subordinates. Note: The Employee Relationship constraint allows administrators to constrain the permission to a user’s custom employee relationship. For example, an administrator can select to restrict the Matrix Manager relationship to viewing user data for users who have that Matrix Manager indicated on their user record. Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. |
Reports - Track Employee |
| Track Employees - Training Status Summary Report |
Grants access to Employee Training Status Summary Report, which displays transcript status of all training for a manager's direct reports, and allows the manager to view the transcript details for any learning object listed on the report. This is a manager permission. This permission can be constrained by Employee Relationship and User's Direct Subordinates. Note: The Employee Relationship constraint allows administrators to constrain the permission to a user’s custom employee relationship. For example, an administrator can select to restrict the Matrix Manager relationship to viewing user data for users who have that Matrix Manager indicated on their user record. Note: The User's Direct Subordinates constraint allows administrators to constrain the data that a user can view to only the data for their direct reports. The user will not be able to view their own data with this constraint. Note: By design, for any Track Employees report permission that is included in the Manager default security role, all of the manager's direct and indirect reports are included in the constraints, even if they are not selected in the permission constraints for the role. |
Reports - Track Employee |
Additional Permissions
A full list of all permissions is also available. See Security Permissions.