SmartRecruiters is improving the management of administrative roles. Our goals are to provide data security, have local experts owning local configurations and prevent admins from accessing more information than they need. Our solution extends custom System Roles and allows Administrators to specify when a custom System Role is being used as an Admin role - one which has lesser privileges than ‘Admin’. This role is referred to as a Delegated Administrator. To accommodate this change, the current limit of 5 custom System Roles has been increased to 10.
Let’s assume that the Admin will create a Delegated Administrator and name the role Super User. This role will be expected to create and edit Email Templates and Offer Templates in Spain.
Admin sets up new role(s)
1. Admin goes to Settings/Admin > System Roles > +Add a custom role
2. Admin names the role Super User, makes configuration selections in each column and clicks Save. Once done, the Admin will see the Company Settings button when she hovers over that row.
3. Upon clicking the Company Settings button, the Admin first toggles ON This is an administrative role - as the role needs access to additional admin features. Then, the Admin individually toggles the fields which appear in the Company Settings section of Settings/Admin.
Admin creates an Access Group (optional)
If the Admin wants to limit the data access scope of the Super User role, then she can do so using Access Groups. The Admin would go to Access Groups > Create group, provide an Access Group name, description and then select the Org Fields which align to the data scope of the Super User role. In this example, the Country field will be set to Spain.
Admin assigns the new role and Access Group to a user
The Admin assigns a user to the new Super User role and Access Group.
The Delegated Administrator makes Setting/Admin changes
1. In Settings/Admin, the Delegated Admin (named Super User) does not have access to features which are greyed-out. For features he can access - such as Email Templates, he is limited to Spain - per Access Group settings.
2. When the Super User accesses Email Templates, the Country field is set to Spain. The All button is also checked, but checking it only controls Spain in this case. All other countries are greyed out.
3. Since This is an administrative role was toggled ON, the Super User can control features such as Skip Approver.
The existing custom system roles which customers have in place today will all display as being toggled OFF on the Company Settings page. If they are updated, that setting will be respected. This is a known issue and will be resolved in May, 2021.
Can this feature be turned off? Customers can effectively turn off the feature by not setting up a Custom System Role.
Are there rules in place to prevent a Delegated Admin from upgrading his/her own privileges? Yes. The system enforces rules so that Delegated Admin users cannot:
- upgrade their own privs to ‘Admin’,
- upgrade the privs of existing users above Delegated Admin,
- add a new ‘Admin’ via User Management.
However, if a Delegated Admin is given access to System Roles (see image), then that user CAN upgrade the Company Settings for any/all custom roles.
Have the number of custom System Roles been increased to accommodate this feature? Yes. It has been increased from a total of 5 to 10.
What are the admin features which are bundled into this toggle? There are some administrative features available to the Admin role (mostly related to jobs and candidate profiles), which are not controlled via Settings/Admin. When the Delegated Administrator feature was built, it was important that selected Delegated Admin users should have access to these features. They are listed below and are all controlled by this toggle on the Company Settings page:
This is the full list:
- Delete Job
- Delete Candidate
- Access profile deletion requested filter (per Global Compliance setting)
- Access the Hiring Success Dashboard (per ANALYTICS dropdown)
- Enable/Disable New Hiring Score via Hiring Success Dashboard
- Manage seat assignments (User Management)
- Skip Approver
- Delegate Approval (new feature)
- Access the full candidate profile even if New Hire Data Masking is switched ON
- Access all publisher notes
Note that job templates are not currently controlled by System Roles and cannot be assigned to Delegated Administrator roles.
How can I test Access Groups? Per the image below, the Access Group setting for the custom System Role needs to have any value other than No. If No is selected, then an Access Group cannot be assigned in User Management.
Which Settings/Admin features respect Access Group settings? The following DO: Email Templates, Auto Replies (both internal and external), Offer Templates, Custom Consent Request and Screening Questions.
The following DO NOT: Job Approvals, Offer Approvals, Candidate Fields, Hiring Process, Career Pages & Job Ad, Job Ad Footers. These will be added as delights.