User-scoped permissions enable administrators to create highly customized access control systems that provide granular control over individual user permissions within Leapsome. This advanced feature allows for precise management of who can access what, ensuring security, compliance, and optimal resource allocation.
When to use user-scoped permissions as an Admin
- Control feature access for specific individuals without creating new role types
- Manage pilot programs by granting selected users access to new features
- Ensure compliance by restricting sensitive information access
- Optimize costs by limiting premium feature access to essential users
- Enhance security through precise permission management
- Support external users with limited access requirements
-
Managing safeguards:
- Maintain restrictions on global-scope features
- Ensure compliance with information access policies
- Prevent unauthorized access to sensitive user data
- Preserve security boundaries for company-wide functions
Granular feature access and visibility can be enabled for each access role within the Feature access matrix.
How to configure user-scoped permissions
Custom role creation
- Navigate to 'Settings' > 'Employees' > 'Access roles'
- Create new custom roles with specific feature combinations: You can grant access for a specific set of users to either have access :
- to the same selected users defined at the role level. The users/teams will be selected within the access role settings itself within 'Settings' > 'Employees' > 'Access roles' using the filters provided
- or to a different set of users defined at the user-level in the user profile (similar to HRBP)
- Define role-based feature management settings in feature access matrix by enabling access to specific features that users with that role will be able to have access to.
Individual user management
- Go to 'Company' > 'Employees'
- Click 'Edit' next to the target user's name
- Select the 'Role' tab
- Under 'Additional roles', assign specific permissions
- Configure access for individual features or modules
- Apply changes and ensure the user logs out and back in for new permissions
The same path is applied to unassigning the role. All you need to do is unticking the selected roles you want to remove.
Assign access roles in bulk
Similarly to how you can update attributes for users in bulk, you can assign access roles in bulk.
Navigate to Company > employees > select the relevant employees > Assign access roles > select specific role > submit.