Authorization roles are a set of permissions that can be given to different users.
You can find these under Identity >> Authorization roles
Each user can be assigned one or more Authorization roles. It's best to assign one of the predefined roles to your users based on their role in your organization.
Your account comes with 3 predefined roles:
Has access to all settings
Can edit all clocking events and absences including those of other users
Can add events and absences for themselves for any time and without any approval from anyone else
Must clock events in real-time
Must request absences
Cannot edit their time and events
Can only see their own data, not everyone else
Can approve / reject absence requests of employees in assigned Org. Units
Can see and edit clocking events of employees in assigned Org. Units
Must request absences for themselves and cannot edit their own data
Note: any user with the Administration or Manager role will receive absence requests from all other employees unless they are assigned a particular organizational unit.
Creating new roles:
The existing roles can be modified or copied so new roles can be created based on them:
This should save you a lot of time as you can only make small changes instead of setting everything from scratch.
The most obvious example is copying the Employee role and creating a similar role for Employees with Geofencing or other special rights such as Adding of clocking events for any time manually.
Employees with such permissions can easily be assigned a new role you create.