Through Profiles and permissions, you can manage your employees' scope and access to various functions and modules of Kenjo. To be able to use Kenjo, the users of our platform need to be assigned a "Profile". This profile will come with certain permissions which will determine their access rights to the different functionalities of Kenjo.
Note: Consider that these profiles do not need to always match the role of a person in your company. The profiles only determine the scope of access a person would have in Kenjo.
Kenjo has two types of employee profiles:
Under Settings > Profiles and Permissions, you will find seven default profiles:
We call default profiles to those profiles that are already defined in Kenjo and whose permissions cannot be modified or deleted.
Here is an overview of all the permissions per profile.
Click on the image if you wish to see it bigger.
Who should be assigned to which profile?
The Admin is, as its name suggests, the role of the Administrator. This role should only include few people since they would have full access to all features and settings in Kenjo. This means that they can configure, edit, create and see all the sensitive information you store in Kenjo.
If the Admin is Batman, then the HR Admin is Robin. Just like in the comic, the HR Admin is one of the few people the Admin trusts fully when it comes to access rights in Kenjo. This means that the HR Admin should be an employee that works closely with the Admin in almost all areas, except for Recruiting. From all the permission sections you can find in Kenjo's profiles, the HR Admin will only not be able to:
- Manage profiles and permissions
- Manage single sign on
- Manage recruiting and view its reports
- Export dashboards data
Note: The access to recruiting can be modified if invited as a Hiring manager or Hiring member. More on that here.
The profile Recruiter is mostly for, of course, recruiters. Contrary to the HR Admin, employees that belong to this profile have full access to the Recruiting section (talent pool, candidate list, job openings, etc.) and limited access to other sensitive areas of Kenjo.
- They can only activate new employees in Kenjo, but won't have access to the rest of their personal information. In fact, the employees belonging to this group can only see their own compensation, documents, tasks, projects and goals, but none of the other employees.
- They can only view and edit their own attendance, but have no action rights upon other employees attendance.
- When it comes to reports, they can only view and export those related to Recruiting.
- In Performance reviews, they can only participate and see the feedback they have been given.
- Finally, they are able to create workflows and email templates, since they can be highly needed for recruiting.
In general, you could think of the profile of Recruiting as a normal employee who is the total owner of recruiting.
Just as the Recruiter, the Finance Admin has especial access which are only related to his/her area of expertise: Finance. This means that the Finance Admin can see all the payroll section, employee's financial section and all those features related to compensation. However, they will have limited access to documents, tasks, projects, goals, time off, and attendance. This means that:
- They will also be able to access the address, home, confidential and emergency section of other employees, but cannot edit it.
- They can import documents in bulk (usually needed for the payslips) but not delete them.
- They can check other employees' attendance and time offs, but not edit them.
- They, of course, have access to view other employees' projects and goals, but cannot manage them (unless involved).
Finally, the employee belonging to this profile cannot edit their own attendance, approve their own time off requests, view their own confidential section, or have any access at all to the settings of Kenjo.
Managers in Kenjo are those who have direct reports and are able to see their own information and that of their subordinates, except for payroll. They have no access to at all to the reports or settings, and have very few permission rights to other functionalities of Kenjo. In general, they would be able to view and edit the attendance of their subordinates (but not their own), approve the time offs of their direct and indirect reports (but not their own), view, edit and delete projects, see the performance feedback of subordinates and their profiles. Managers cannot edit or delete goals and can only have access to Recruiting if they are invited as Hiring Managers or Hiring members.
Finally, the profile Employee is for those who will need Kenjo to track their attendance, see their own documents, request time offs, and build engagement with your company. They have access to their own Personal, Attendance, Compensation, Time off, Smart docs, and Payroll sections and only have access to recruiting when invited as a Hiring manager or Hiring member. When in doubt, is best to give users the role of the employeee.
This profile can be used for users who are not a part of the company e.g. a freelancer or consultant. This profile will limit employees to a restricted number of features (time off, attendance, smart docs) and home widgets (punch clock, announcements). They will have no viewing rights of other employees and no actions on other employees. Personal data belonging to other employees will be masked with XXX.
In case none of the default profiles match your needs, you can create custom profiles and define the permissions based on your organizational needs. To know how to create profiles and assign them to the employees, please refer to this article "Manage Profiles and permissions"
Was this article helpful?
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
We appreciate your effort and will try to fix the article