Roles and permissions ★

Introduction to Permissions in Folks

Permissions 

In the Folks application, access is managed through roles that can be predefined or customized. Managing human resources information is a critical task to ensure the strict protection of employee and company data.

 

Default roles

The roles available in Folks are:

  • Employee: Limited access to their own information.
  • Manager/Supervisor: Access to information of employees under their supervision.
  • Payroll: Access to certain employee information to track time and other requests.
  • Full Access: Access to all company information.

Learn more about suggested roles.

Special Role

  • Company Administrator: Limited to only one person per company, this role has all administrative rights and can configure the application according to the company’s needs.

Role-Based Access Management

Role-based access management allows restricting the visibility of information based on various criteria such as the employee, structure, or specific module. Here are some examples:

  • An employee is limited to their own information.
  • A manager can see information for the employees they supervise.
  • An employee may have read-only access to certain modules.
  • A payroll manager can see the timesheets of all employees at an working site.

Using roles allows for better overall access management and minimizes individual exceptions. It is also easier to update, adjust, and track access when it is linked to roles.

Assigning a Role and Traceability

It is strongly recommended to assign roles and permissions to individual email addresses (for example j.doe@abc.com) and not to distribution groups or other shared addresses (for example: hr@abc.com). This not only helps limit the chances of a breach but also allows for more precise identification of who has access to what.

If it is necessary to provide an address based on a group, for example hr@abc.com, it is important to manage access to this address rigorously, notably through password management and/or limited-time sharing.

Key Resources

To better understand the implementation and management of permissions in Folks, access the following resources:

How do I create a test user from an existing email?

The username inside Folks is the user's e-mail address. Each e-mail can only be used once. So how do I create test users to validate that my security roles are appropriate?

The answer is simple and accessible to everyone! When creating a test user, add your e-mail address (courriel@company.com) to the e-mail field. However, you need to modify it a little by adding +something just before the @. Ex: e-mail+1234@company.com or e-mail+employe@company.com 

This e-mail will be seen by Folks as an e-mail not used by another user and will enable you to create several users with your own e-mail. This manipulation sends e-mails to an alias of your e-mail address, and you'll receive messages sent by Folks in your real mailbox. You can add anything after the + symbol to identify the user and the e-mails received from the platform. However, each alias can only be used for one user. If you delete a test user, the e-mail alias for that user will be accessible again. 

How to change the Company Administrator

Only the user with the role of Company Administrator can make this change. To change the Company Admin, please follow these steps: 

  1. In the navigation menu, go to: Company > Information
  2. In the field for Contact Name input the name of the new company admin. Click save data.
    👉 It is important that this be done first since once you give the admin to someone else you won't be able to change it. 
  3. Click on Change Admin
  4. Select the username of the new administrator from the list and click on OK.
    The first and last name entered in the user information will be put in brackets in case you do not recognize the username (user's email).
  5. After pressing OK, you will be able to modify the accesses of the former Company Administrator as needed.
Why don't I have access to ... ?

What to Do

If you notice that you don’t have access to a page or lack certain permissions, contact your company administrator.
If you’re unsure who that is, your supervisor or HR contact can help you identify the right person.

Important:
The Folks support team will not modify any access without prior authorization from the company’s administration or an authorized representative.

Your organization retains full control over its own environment.

 

 

Why can't my employee make requests?

When a user is unable to access the Requests menu, there are a few causes that could justify the situation, one of them being that the employee profile and users are not linked.

Resolution Steps

  1. Access the user list
    Go to  Settings > Users 

  2. Edit user
    Click the paper/pencil icon for the desired user to enter edit mode.

  3. Select the employee profile
    From the employee dropdown menu, select the employee to link to the user.
    user-modified.png

  4. Save changes

  5. Employee reconnection
    Ask the employee to log out and log back into the platform. 

⚠️ Important: A user should always be linked to their own employee profile and not to someone else’s. An employee should be linked to only one user at a time.