Utilities - User Account Access Change - 11/18/2022 [RN]
We improved the User Accounts Utility by adding more granularity to the levels of access granted to each user type.
This enhancement splits off the full "User Records" access to its own new user setting called "User Record Admin". Admins that wish to provide limited access to user record administration can disable this user setting for their users, decreasing the ability for them to manipulate/access co-worker accounts in BOLD.
Why did we do that?
We received requests from staffing agencies using the BOLD platform for internal payroll.
They said that they need the ability to have more control over users' access to User Type and User Record configuration.
They said they need this to provide enough access to perform necessary recruiter functions, while at the same time limiting the ability to access private internal information.
They said they also want the ability to escalate their own access (without requesting it from an admin).
How does this work?
The existing User Accounts access was moved to its own user access claim called "User Account Admin," under the "Admin" section. This will give full access to all users (the same way access to "Utilities" works today).
Any existing user with "Utilities" access will get this enabled by default.
The User Accounts access was modified. If the "Utilities" user claim is enabled (but NOT the new "User Account Admin") it will provide a limited variant of access to the User Records as described below:
HCM Users: They can only access their own user profile to provide password resets (but they are unable to change branch access).
Hiring Managers: Full access to all Hiring Managers/Contact users
Sub Vendor Users: Full access to all Sub Vendor users
Contractor (talent) Users: Access to only contractor users whose linked profile has a home office(branch) that the HCM user has access to (if the "Restrict Access to Talent by Office" is also enabled). This is needed to ensure they cannot modify contact information for (and perform password resets for) talent/contractors that are internal employees.