We improved Utility access controls by moving the User Types widget to its own user setting, which can be turned off for users needing Utility access -- but not access to changing the User Type configurations.
This enhancement splits off the ability to configure User Types to its own new user setting called "User Type Editor". Admins that wish to provide limited access to user type administration can disable this user setting for their users, decreasing the ability for them to access restricted data by self-elevating their privileges.
|Why did we do that?||
We received requests from staffing agencies using the BOLD platform for internal payroll.
They said they need the ability to have more control over users' access to User Type configuration.
They said they need to provide enough access to perform necessary recruiter functions, but limit the ability to access private internal information.
They said they need to be able to escalate their own access via User Type modification (without requesting it from an Admin).
|How does this work?||
"User Type" was split out into its own user access claim under the "Configuration" section.
Any existing user with "Utilities" access will get this enabled by default.
Users without access to the new "User Type" user claim will not have access to the User Types configuration widget.