Sapling - Custom Permissions In Sapling

Introduction 

Permissions in Sapling are built to help customize information access for every individual at your organization. Custom permissions allow you to create tailored access for your coworkers based on their functions.

This comes in handy for onboarding program stakeholders, such as IT and Hiring Managers, but can also help define access levels by location or department.

This article covers the following topics: 

• Understanding Permission Level Basics
  • There are 5 types of permission levels available in Sapling 
• How to add/edit Permission Levels
  • Add a new permission Level
  • Edit existing permission
  • Add a team member to a permission group
  • Delete a team member from a group
• How can I customize permissions at each level? 
• Available options based on permission levels
  • Available options for all levels (Employees, Managers, Admins, Super Admins, and Temporary Admins)
  • Available options for Managers Only
    • *Note: For Managers to Initiate Offboarding
  • Available options for Admins (Admins, Super Admins, and Temporary Admins) Only

  • Manager’s Team Tab: Visibility and Action Permissions by Role

Understanding Permission Level Basics

There are 5 types of permission levels available in Sapling: 

1. Employees: The default option for all new team members. The Employee permission group allows them to see their own information, but never see sensitive information for others.
2. Managers: An auto-assigned permission to team members that manage other people. Managers can see their own profile information, as well as key information for their direct or direct/indirect reports.
3. Admins: By default, admins have access to certain key functions under Administration Tools (Workflows, Dashboard, etc). They can see and edit other team members’ information.
4. Super Admins: Super admins can see and edit everything in Sapling. With great power comes great responsibility - we suggest limiting this type of access only to those who need to view all data and take all actions in Sapling.
5. Temporary Admins: This allows people outside your company (such as an auditor or contractor) to access your Sapling account without actually creating a profile for them.

Within each permission level, you can decide what feature or data tables have No Access, View Only access, or View & Edit access based on the permission you are creating.

You can also add as many sub-levels to each permission group as you need. For example: in the "Managers" permission group, you can break it down by "Managers - Sydney" vs. "Managers - Paris," customizing the view for each group.

How to add/edit Permission Levels

Add a new permission Level

To add a new permission Level, navigate from Home > Administration Tools > Permissions. Select which of the 5 permissions groups you'd like to add a new level to (Employees, Managers, Admins, Super Admins, or Temporary Admins) and click the "Add New Permission" button.

This will add a new permission level to that permission group (i.e. "Employees - France" as part of the overall "Employees" permission group).

Edit existing permission

To edit existing permission, go to the permission you'd like to edit and click on Actions > Edit permission. Walk through the fields like you'd like to change, and hit "Save." 

*Note: all Team members in your org will default to be in the "Employee" or "Manager" permission level ("Manager" is assigned if they have a direct report in Sapling). To add someone to any other group (Admin, Super Admin, or Temp Admin) you will need to do so manually from Permissions or from the team member's Profile page.

Add a team member to a permission group

To add a team member to a permission group, select the group you'd like to add them to. Click Actions > Edit Members and type in the name in the text field under Add members.  This will automatically save them to that group.

Delete a team member from a group

To delete a team member from a group, select the group you'd like to delete them from. Click on Remove by their name to remove it.

How can I customize permissions at each level? What are my options? 

Depending on what permission level you edit, you will be prompted with different feature and data table options to give No Access, View Only access, or View & Edit access to. These options will show up in the top menu when you edit a permission level.

Available options based on permission levels

Available options for all levels (Employees, Managers, Admins, Super Admins, and Temporary Admins):

• Platform Visibility: This is used to specify what employees should see on their own profiles. For example, you can turn off access to the Sapling Calendar, while keeping profile fields open for editing.
• Own Info Visibility: This allows you to get more granular by toggling permissions to specific data tables and sections in the profile tab. We suggest turning off edit access for things like Compensation or Role Information.

Available options for Managers Only

Everything listed above, plus:

• Manager scope: You can decide if managers can see information only for their direct reports, or indirect reports as well.
  • The team tab will be visible regardless of direct only or direct and indirect.  Managers can take action from the team tab and make updates if needed.
  • This allows for managers to step in when other counterparts ( ie managers, colleagues) are out of the office.
• Direct Report Platform Visibility: Choose what managers should see when looking at a direct report’s profile. For example: deciding if they see should see remaining time off balances for their direct reports.
• Others Info Visibility: Similar to the “own info” settings for employees, this allows you to toggle access to specific data tables or profile sections.
• Initiate Offboarding: under the "Platform Visibility" permission section, you can turn on the "Start Offboarding" toggle to enable managers to have the option to kick off the offboarding process from their direct reports' profiles.

*Note: For Managers to Initiate Offboarding

Turn on the "Start Offboarding" toggle in the "Other Info Visibility" permission section.

This enables managers to kick off the offboarding process from any of their team members' profiles.

Available options for Admins (Admins, Super Admins, and Temporary Admins) Only

Everything above, plus:

• Extra filters (location, department, employment status) to control who this access is applied to. You may want to create an admin permission level for each office or a specific one for contractors.

• Admin Tool Visibility: You’ll be able to grant access as needed to specific admin tools, such as the dashboard, documents, and integrations pages. For example, you may want to grant “View and Edit” access to an IT team member or Developer to help you set up your account integrations. You may also want to provide reporting access to an executive team or the payroll team.

Important:
When creating or sharing reports in Sapling, it's important to understand the difference between Super Admins and Limited Admins:

• Super Admins have access to all fields, including sensitive data like compensation, and can include these in reports.
• Admins can only access and add fields that their permission settings allow. For example, if an Admin has No Access to compensation, they will not see or be able to include compensation fields when building a report.

To ensure proper data visibility and control, review your Report’s Permission and Admin Permission Settings before sharing reports containing sensitive information.