Note: This feature is actively being rolled out and may not be available to all clients.
This article explains the entity level permissions available to Global Payroll clients when assigning roles and responsibilities to admins of their organization.
Clients can now grant new and existing users rights to perform specific actions within an entity or restrict access to certain actions within the Deel platform.
Entity Level Roles:
- Payer
- Payroll Approver
- People Admin
- People & Payroll Admin
Note: Adoption of this feature is optional. All existing users and user permissions will remain unchanged until edited by the client.
Entity Level Permissions:
Product Area |
Action |
Entity Level Role | |||
| Payer | Payroll Approver | People Admin | People & Payroll Admin | ||
Payroll Submission |
View Payroll table | Yes | |||
| Submit payroll | No | Yes | |||
| Approve payroll | No | Yes | No | Yes | |
| Upload, download docs | Yes | ||||
| Comm. center interaction | Yes | ||||
| Mark as paid | Yes | Yes | No | Yes | |
| Expenses | Create, edit, view, delete | Yes | |||
| Approve, Reject | No | Yes | No | No | |
| Reports | GTN, recurring, total payroll summary - View all, download, filter | Yes | Yes | No | No |
| Cost center summary & cost center detailed, Direct Employee Contributions, Direct Employee Deductions, Direct Employee Payment History | Yes | Yes | Yes | No | |
| Non GP reports (that show GP details) | Yes | Yes | Yes | Yes | |
| Employees | View | Yes | |||
| Add new | Yes | ||||
| Assign cost centers | No | No | Yes | Yes | |
| Edit job information | Yes | ||||
| Entity Level Actions | Assign role | No | |||
| View entity details | No | ||||
| Add entities | No | ||||
Note:
- The roles' abilities are hard coded, meaning we require a code change for adjusting the permissions or creating new roles
- Any Deel product that is not mentioned in the matrix above will have full access to clients with entity level permissions
Set up and Manage Entity Level Permissions
✅ Step 1 - Go to Access Management
Click Organization Settings in the top right
Select View on the Access Management Card to see all of your organization managers and their current roles.
✅ Step 2 - Manage Roles and Access
Locate an admin in the list and select the More menu (Three dots icon).
Select Assign Role, Manage Access, or Remove Access.
[ACCORDION]- Assign Role
Select Entity Level Access to set admin permissions for specific entities. Click Continue.
Next, select to either grant access to predefined entities only or grant access to all entities that may exist in the organization.
Assign a role by pressing the Assign Role button for the entities you want to grant the employee permissions to.
If you require the same permissions for the user, toggle Apply the same role for all entities.
A drawer will appear with the new entity-level roles and the entity admin role. Select the role you wish to set to the employee and click Assign Role to confirm.
New role assignments and permissions will take effect immediately.
[ACCORDION]- Manage Access
Select Manage Access from the More menu to review all of the user’s existing roles.
Select Edit to apply a different role/permission level for the user
If the client is unsure of which access level the user should have, select View for full details on each permissions level. Expand the sections to see exactly which rights will be granted in each area.
[ACCORDION] - Remove Access
You can use the Manage Access option to remove an admin’s access to a specific group(s) or select Remove Access from the More menu to completely remove an admin’s access from all of your organizations at once.
- To remove one or more access groups/roles, select the user’s name from the Access Management list.
Next, check the box beside all of the roles that you’d like to remove. Click Remove Access at the top of the screen to remove and confirm. - To remove all of an admin’s access at once, select Remove Access from the More menu. After reviewing all of the groups that the admin is currently a part of, select Remove Access again to confirm.
IMPORTANT NOTE: Removing a admin’s access altogether will reduce the number of approvers needed for payments in the groups that they are members of. Be sure that you want to proceed before clicking Remove Access again to confirm.
[/ACCORDION]
FAQ
[ACCORDION] Can clients un-do changes they make to admin access and permissions?
Yes, clients can un-do changes made to admin access and permissions. Once an entity level permission is applied to a platform user, through the use of an assigned role, this can easily be reverted by removing the role from the user.
[ACCORDION] Is it possible to copy/duplicate entity level permissions from one user to another?
Replicating entity level permissions is made easy because all permission groups are set up with pre-defined Role Actions. This means you simply need to select the role you want to apply to a platform user, and all the pre-set permission configurations will be applied.
[ACCORDION] Is it possible to stack and/or customize entity level permissions?
It is not currently possible to customize entity level permissions. Today, pre-defined roles are available to clients for better management of user access levels. Custom Role Action configurations are noted as an ideal solution for enterprise clients and may be delivered in the near future.