Skip to main content

User rights for employees

User permissions are a feature that can be useful when you want to restrict specific functionalities for your employees.

Lennard Datema avatar
Written by Lennard Datema
Updated over 2 weeks ago

Permissions can be configured per module and per user group. To access the permissions settings, follow these steps: Go to Settings > look under the 'Account' tab > click on 'Users, user groups and permissions' > go to the tab ‘Permissions per user group’.

Employees are assigned to user groups and business profiles. This article explains the permissions that define what user groups can view/do and the effects of business profiles. More information about assigning employees to user groups and business profiles can be found in this article:

When configuring permissions, it is important to keep a few key points in mind. These are discussed first in this article. Finally, the permissions per module are explained one by one in detail.


Restrictive permissions
In general, enabling permissions grants the user group additional rights. Within the greyed-out (default) user group ‘All permissions’, everything is enabled. However, some permissions can be restrictive — these may cause, for example, sales processes or projects to become unintentionally hidden for a group of employees. Therefore, always ask yourself whether a permission restricts or grants access. Examples of restrictive permissions are: ‘Access only if user is the account manager’ or ‘Access only if user is the sales responsible’.

Later in this article, under ‘Permissions per module’, it will also be indicated when a permission is restrictive.


Interrelation of permissions
Some permissions affect each other, which can cause confusion. For example, the permission ‘View and edit all timesheets’ depends on the HRM permissions that determine which employees the user group can view. If you are not allowed to see employees, you also cannot adjust their timesheets.

Under ‘Permissions per module’, it will also be explained which permissions are influenced by others. This is also indicated in Simplicate > Settings > Account > Users, user groups and permissions > Permissions per user group via the info icons.


One group per employee
Partly due to this interrelation, we recommend assigning each employee to only one user group. If an employee is in two or more user groups, this may sometimes result in more rights than intended or unintended restrictions.

Only in some cases may it be useful to assign an additional user group to an employee. For example, a project leader may also be given the ‘HR’ user group if they are temporarily performing HR tasks. However, if another group is added or the employee permanently assumes multiple roles, we recommend creating a separate user group for this employee.


Restricting business profiles
You can also define which business profiles a user can access. The effects of this are described in this article.


Case
“Case 1: I want to give an employee permission to log hours for other employees but prevent them from viewing salary data, etc. Which permissions should I enable and which should I leave disabled?

In that case, select the HRM permissions ‘View all active employees’ and ‘View only self’. Make sure to only enable the ‘View’ permissions and leave the ‘Access’ permissions disabled.

With these settings, the employee can view (but not access) all employees and only click through to their own profile.

Additionally, in the Hours module, enable the permission ‘View and edit all timesheets’, and ensure that ‘Show hour values’ is turned off.

This way, the employee can edit all calendars and timesheets without seeing the value of the hours or accessing employee data.”

CRM

  • Access: This determines whether the CRM module is shown in the user’s account. If an employee will never use CRM or is explicitly denied access, you can disable this with the checkbox.

  • Add, delete, and edit: These permissions allow you to exclude the ability to add, delete, or edit CRM relations for specific user groups. We recommend this when an organization has specific individuals responsible for managing CRM relations.

  • Modify KPIs: This permission grants the ability to add, delete, or edit KPIs (dashboards within the CRM module). Since KPIs are configured environment-wide, this right determines who can adjust them for everyone.

  • Export to Excel: This affects the ‘Export’ button in the CRM module. If unchecked, the button will disappear and users in the group won’t be able to use this feature.

  • Access only if user is account manager (restrictive): If this is checked, users in the group can only see CRM relations for which they are the account manager. This is often desirable in sales-oriented organizations.

  • Show employees in CRM: If enabled, users in this group may view all employees listed under CRM > Persons.


HRM

  • View only self in active employees tab: If enabled, the user can only see and access their own record under the 'Active Employees' tab. This also determines whether the user can see the HRM module.

  • View own schedule: Controls access to the user’s personal schedule in the HRM module.

  • View active employees: Allows users to view all active employees but only click through to their own record.

  • View all employees: Allows users to see all employees, including former ones, but only access their own profile.

  • Access as manager: Supplements ‘View active/all employees’, allowing a manager to click through only to employees they manage.

  • Access to all employees: Supplements ‘View active/all employees’ with full access to all employee records.

  • Add: Allows users to add new employees in the HRM module. Additional rights are required to add/edit further information.

  • Edit personal data: Grants rights to edit the ‘Personal Data’ tab of employees the user has access to.

  • Edit employee: Grants rights to edit the ‘Employee’ tab.

  • Edit user: Grants rights to edit the ‘User’ tab.

  • Edit contract/schedule: Grants rights to edit the ‘Contract’ and ‘Schedule’ tabs.

  • Delete: Grants permission to fully delete employees. We recommend assigning this to designated roles only.

  • Leave adjustments: Controls whether colleagues can edit leave. If only a few are responsible for leave, we recommend disabling this for all others.

  • Register sick leave: Allows users to record sick leave hours for themselves and employees they can access.

  • Modify KPIs: As in other modules, this permission allows global editing of KPIs in HRM.

  • Export to Excel: Affects the ‘Export’ button in HRM. Disabling removes the button.

  • Reporting: Grants access to the 'Reporting' tab, including leave and sick leave reports.


Sales

  • Access: Controls visibility of the Sales module. Disable if the employee should not use or access it.

  • Add, delete, and edit: Controls whether the group can manage sales processes. Recommended only for responsible roles.

  • Modify KPIs: Grants ability to globally manage KPIs in the Sales module.

  • Access only if user is sales responsible (restrictive): Limits users to only viewing sales processes they are responsible for.

  • Export to Excel: Affects the ‘Export’ button in Sales. Disabling removes the button.

  • Reporting: Grants access to the Sales funnel report.


Projects

  • Access: Controls visibility of the Projects module.

  • Add, delete, and edit: Controls whether the group can manage projects, including editing, transferring, or correcting hours.

  • Modify KPIs: Grants global rights to modify KPIs in the Projects module.

  • Access only if user is project team member (restrictive): Limits visibility to projects where the user is a team member.

    • Note: If a project has no team assigned, it will be visible to users even with this restrictive right enabled.

  • Project purchasing: Controls access to the Project Purchasing module.

  • Export to Excel: Affects the ‘Export’ button.

  • Reporting: Grants access to reports like Revenue Forecast, Project Result, and Invoiced and Forecast.

  • Generate collective schedules: Allows the user to generate collective milestone schedules from the project overview.


Workflows

  • Access to all company workflows: This permission gives the user group access to all workflows within the company. This means the user can see all active workflows in the environment.

  • Delete workflows: This permission allows a user to delete any workflow in the system, regardless of type.

  • [Workflow name]: These permissions (per built-in workflow) allow the user to add, delete, or edit the specific workflow.


Access to Company Documents

  • [Your company]: Uncheck this option if no one in the user group should be allowed to view documents from the specific company. Recommended for organizations that prefer to restrict document access for staff.

  • Add and view documents

  • Delete documents: Uncheck this option if the user group is not allowed to delete documents. The red cross icon next to documents will disappear for this group.

  • Unknown: This is the document type used when no document type has been selected.

  • [Your document type]: Here you define per document type whether a user group is allowed to add and view that document type.


Capacity Planning

  • Access: Determines whether the Capacity Planning module is visible in the user’s account. With this permission alone, the user can only view their own planning without edit rights.

  • Access to full planning: When enabled, users can view all employees, projects, and tasks in the planning overview. If you do not want colleagues to see each other’s tasks, uncheck this. With this permission alone, the user cannot create new tasks.

  • Edit all tasks: This permission allows a user to view, create, and edit all tasks. The user also gains access to the ‘To be planned’ sidebar to schedule created tasks.

  • Edit past tasks: When enabled, this allows users to edit tasks that are more than a week old. This applies in both the project and employee overviews.


Business Intelligence

  • Access: Determines whether the Business Intelligence module is shown in the user’s account. If an employee will not use this module or is explicitly denied access, uncheck this option.


Settings

  • Account, General, CRM, HRM, Sales, Projects, Invoices: The settings are organized by module in Simplicate. These permissions define which settings the user group can access.

    • Note: Users with access to Account settings can grant themselves additional permissions.

  • API: This checkbox controls API access. If enabled, a user group can generate and delete API keys.

Did this answer your question?