Authorization roles are a set of permissions that can be assigned to different users.
It's best to assign one of the predefined roles to your users based on their role in your organization and then change it if needed.
Your account comes with 3 predefined roles, you can find these under Users > Authorization roles.
Has access to all settings
Can edit all clocking events and absences including those of other users
Can add events and absences for themselves for any time with no need for approval
Can approve/reject absence requests of employees within assigned department
Can see and edit clocking events of employees within assigned department
Must request absences for themselves and cannot edit their own data
Must clock events in real-time
Must request absences
Can only see their own data and cannot edit them
Note: any user with the Administration or Manager role will receive absence requests from all other employees unless they are assigned a particular organizational unit. Learn how to assign organizational units to managers so they can access and manage only certain people >>
Personal and Administration privileges
Each authorization role is divided into two sections.
Having personal privileges enabled means the user can only see their own data
The Employee role described works like this
Any user with Administration privileges will have access to other user's data
The Manager and Administration roles have this enabled
Any user with administration privileges will see data for all other users!
This can be prevented by dividing employees into organization units and assigning these organization units to different administrators and managers.
Creating new roles:
The existing roles can be modified or copied so new roles can be created based on them:
This should save you a lot of time as you can only make small changes instead of setting everything from scratch.
The most obvious example is copying the Employee role and creating a similar role for Employees with Geofencing or other special rights.