For larger organisations, it often makes sense to have local administrators manage employee records within their own areas instead of the global admins managing this responsibility for the global organisation.

Only global admins have access to the access control groups page, and are therefore responsible for setting up and managing the access control groups, as well as adding new users to them.

Most organisations will utilise the default manager access control group where all managers have dashboard access with the same permissions enabled. When it comes to local administrators, it is recommended to create a custom access control group in order to provide them with a higher level of permissions within the platform. 

Our recommendation

To put it simply, our recommendation is for the global admin to create a local administrator access control group and add the relevant local admins/HRBPs to the access control group. 

For companies using multiple manager access control groups, we also recommend a method of enabling local admins to manage these groups locally.

Creating a local admin access control group

  1. Create an access control group for 'Local admins'
  2. Choose the Managed employees and the Choose manually options
  3. Choose the permissions they will require
  4. Save the changes by clicking Create group

We recommend the following permissions are enabled:

  • View employees
  • Update employees
  • Administer employees
  • Segment management access (so that local admins can add managers to segments they may need access to, provided that the admin has full access to that segment)

These members will typically be responsible for their "managed employees" which can be achieved in two ways:

  • Adding them as a manager to a segment of employees (for example the entity or the country they manage)
  • Adding an additional "Employee" type attribute and updating employee records so that each employee 'reports' to both a manager and a local administrator/HRBP

In the example below, Marguerite Ryan is the HRBP for the EMEA region. In order for her to become the local admin for the EMEA region, she can either be made the EMEA segment manager, or all employees from EMEA should report to Marguerite as their HRBP.

Allowing local admins to manage access control groups

In some cases, you may wish to deactivate the default "Manager" access control group and instead set up custom access control groups for managers with different permissions enabled for each group, for example "Managers with full access" or "Managers without comment access" etc. 

It is possible to configure custom access control groups to automatically populate managers based on a specific segment that they are in. Local admins will not have access to the access control page, however when updating employees, they will be able to place a manager in the correct segment, which will automatically populate the access control group. 

For this purpose, an option type attribute needs to be created, with segment options that reflect the custom access control groups. The attribute can be set to not appear on the dashboard's segments by restricting "Dashboard access" within the advanced settings (this is done from the attribute page).

For example, create an attribute called "Manager dashboard access" and then add some segments that reflect the different levels of permissions various manager groups should have when they log into Peakon. In the below example, scores from these segments will not be visible on dashboards because the attribute is restricted for dashboard access.

Once the attribute is set up, it is possible to create the access control group and link it to the relevant segment to auto-populate:

Complete step by step instructions:

  1. Decide on the groups of managers that you would like to differentiate between
  2. Create the option type attribute and add a segment for each group a manager could be placed in 
  3. Create an access control group to match each segment
  4. Select the Managed employees option and the Choose by segments option
  5. Select the segment(s) the group should be populated by and save the changes by clicking Create group
  6. Once the groups have been setup, provide local admins with an explanation of which permissions are enabled for each manager access control group so that they can update their employee records accordingly

Considerations

Using the recommended set up, local admins:

  1. Have access to the employee records they manage on Peakon
  2. Are able to control which access control group managers have access to by selecting one of the segments from the newly created attribute that's used to automatically populate the respective access control groups
  3. If a manager access should be revoked, the local admin can simply remove the segment value from the manager's employee record
  4. If a manager with no direct reports needs access to a segment, the local admin can open the employee record and add the manager to the segment

Article: Adding managers to segments
Article: Setting up attributes and segments
Article: Administering access control groups
Article: Choosing the right access control permissions

Did this answer your question?