Understanding Nakisa Hanelly: Role-Based Security
Technical Writer Nakisa Hanelly
You may ask, why would Role-Based Security for an organization design solution be important?
Nakisa Hanelly takes the data in your Human Resources Information System (HRIS) or ERP and organizes it into a clear picture that lets you see into your organization. But there is so much data in your system, much of which is sensitive and should not be available to users who are not managers or in HR. Providing Role-Based Security within a solution like Hanelly allows the entire organization to have access to Hanelly while keeping sensitive information secure. This way, Hanelly ensures that all non-management/HR employees don’t see sensitive data they are not cleared to see.
The roles users are assigned determine what data they see, including specific fields, and which functionality is available to them. The security model your organization selects also determines what information is available to users. We’ll cover this topic in part two of this blog.
Here, we’ll review the role types in Hanelly. Then we’ll cover what kinds of data each user can see, and which features are not available in the application based on role.
In Hanelly, we classify users into four general groups: employee-level users, supervisor-level users, HR users, and scenario owners.
Employee-level users are your employees who have no managerial duties. They have the lowest level of access to data. Some organizations choose to restrict Hanelly access to a few key people, but if your organization lets all employees log in, most will fall into this category.
Supervisor-level users can be users who have employees reporting directly to them, as well as HR business partners (HRBPs) who oversee groups of employees.
HR users are the users who need sensitive data, such as salary/compensation, hiring/terminations, talent, etc., to do their jobs. These users are typically your Human Resources employees, though you can review the data that this role has access to and determine who needs to be assigned this role. Perhaps you have other users in your organization who should also have this role assigned to them.
Scenario owners are the power users in the application who create and manage scenarios, including the option to write changes made in scenarios back to your HRIS or ERP.
What Users Can See
Now that we understand the user types, let’s delve into what kinds of data each one can see and what functions are available to each type of user. This can help inform your decision on which role should be assigned to each of your users.
The Employee Role can see some of the views and can perform searches in the data, though secure fields are not displayed. They can use the Employee Map and can populate their own profiles. They can see and search for information that other users have added to their profiles, but they cannot see the purple Employee nodes in the org chart. Most users in a company will have this role.
The Employee Role does not have access to any of the analytics or dashboards. They, therefore, will not see sensitive data such as talent ratings or salary information, and cannot create or see scenarios.
The supervisory role users can see everything the employee users can see, plus they have access to dashboards and secure data, but only for their areas. They can also see high-level talent data about the entire organization. Additionally, they can create Team Design scenarios, which are used to create small teams, but those scenarios can only contain the people who report to them or who are in their logical group. The following two examples illustrate this concept.
In one of our security models, Roberto Pilson (Sr. VP, Sales), can access a view with secured data (in this case, the Budget view), which contains salary data, but he only sees salary data for his department.
In our other security model, Helle Carlson can access a view with secured data (in this case, the Talent Rating view), which contains talent data, but he only sees the talent data for the users who are in the same geographic location as he is.
The supervisory role does not have access to salary information outside of their logical group, and they cannot create Org Design scenarios (the internal reorganization type of scenario) or Org Merger scenarios (the scenarios used when you’re merging with or acquiring another company). They can work in a scenario if it is assigned to them, and they will see what comes with the access granted by the scenario creator.
HR users can see everything the supervisory users can see, plus they have access to all secured data, dashboards, and analytics. Like the supervisory users, they can create Team Design scenarios, but they are not limited to their logical group. Their team designs can encompass the entire organization.
HR users cannot create Org Design or Org Merger scenarios. However, like the supervisory users, if a scenario owner assigns either a work area or shares access to one of these scenarios, they can work in those scenarios.
Scenario owners can see everything (all data, all charts and dashboards), plus they can create Org Design and Org Merger scenarios for the entire organization. They can generate the reports associated with scenarios, and one of the roles can write finalized scenario data back to their HRIS or ERP. These super users have access to everything Hanelly has to offer, from day-to-day management through to all organizational design options.
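The role matrix described above can be expressed as a deny-by-default policy check. This is an added illustration, not Nakisa's code or the Hanelly API; the role keys, capability names, field names and sample users are assumptions modelled on the text, and it covers only secure-field scoping and scenario creation.

```python
from dataclasses import dataclass

# Role matrix transcribed from the descriptions above. Keys and capability names
# are illustrative labels chosen for this example, not Hanelly settings.
ROLES = {
    "employee":       {"dashboards": False, "secure_scope": None,    "create": set()},
    "supervisor":     {"dashboards": True,  "secure_scope": "group", "create": {"team_design"}},
    "hr":             {"dashboards": True,  "secure_scope": "org",   "create": {"team_design"}},
    # team_design for scenario owners is assumed from "access to everything".
    "scenario_owner": {"dashboards": True,  "secure_scope": "org",
                       "create": {"team_design", "org_design", "org_merger"}},
}
SECURE_FIELDS = {"salary", "talent_rating"}  # assumed field names


@dataclass(frozen=True)
class User:
    name: str
    role: str
    group: str  # logical group: department or location, per the security model


def visible_fields(viewer: User, subject: User, record: dict) -> dict:
    """Return only the fields of `record` that `viewer` may see; deny by default."""
    policy = ROLES.get(viewer.role)
    if policy is None:  # unknown role: show nothing
        return {}
    scope = policy["secure_scope"]
    secure_ok = scope == "org" or (scope == "group" and viewer.group == subject.group)
    return {k: v for k, v in record.items() if k not in SECURE_FIELDS or secure_ok}


def can_create(viewer: User, scenario_type: str, members: list) -> bool:
    """Check scenario type against the role, then member scope for group-limited roles."""
    policy = ROLES.get(viewer.role)
    if policy is None or scenario_type not in policy["create"]:
        return False
    if policy["secure_scope"] == "group":
        return all(m.group == viewer.group for m in members)
    return True


# Constructed sample data (not from the original post).
SUP = User("sales_supervisor", "supervisor", "Sales")
HR = User("hr_partner", "hr", "HR")
EMP = User("engineer", "employee", "Engineering")
REP = User("sales_rep", "employee", "Sales")
RECORD = {"title": "Analyst", "salary": 70000, "talent_rating": "A"}

if __name__ == "__main__":
    print(visible_fields(SUP, EMP, RECORD))  # secure fields withheld outside the group
```

An unrecognized role returns no fields at all, so a mistyped or unmapped role assignment fails closed rather than falling back to employee-level visibility.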
By using Role-Based permissions, Nakisa Hanelly can be used by the entire organization while keeping employee data completely secure, and only visible to those who require access. This sets the tone for how Hanelly is used within your organization.
For more information on Role-Based Security, stay tuned for part 2 of this blog.