Overview
Functional-Level Permissions determine what users can read, edit, or be denied access to at the field or data element level within a screen. Unlike Screen-Level Permissions (which govern whole menus and pages), functional permissions go deeper — controlling sensitive fields such as pay rates, personal details, and identifiers.
These permissions can be set at Global, Role, Group, Location, or User levels, with the following rules applying:
Read: User can view the field or data but not change it.
Write: User can both view and edit the field.
Deny: User has no access to the field (not visible or disabled).
Navigation
Log in as an administrator with permission management rights.
Go to Settings > Permissions.
Select entity (Global, Role, Group, Location, User).
Assign Read, Write, or Deny for each functional element.
Save changes to apply.
Functional Permissions Reference
| Function / Field | Description | Read | Write | Deny | Note |
|---|---|---|---|---|---|
| Office Location | Controls visibility/editing of user’s or job’s office/branch location. | View location info only. | Can update/change location assignment. | Location is hidden completely. | Useful for multi-branch staffing. |
| Bill Rate | Controls access to bill rate field on jobs, offers, and timesheets. | Can see current bill rates. | Can modify bill rates. | Field hidden/blocked. | Highly sensitive – restrict widely. |
| User Rating | Controls access to crew/user rating system. | Can view performance ratings. | Can adjust ratings. | Not visible to user. | Recruiter/manager use. |
| Workers Comp Code | Controls access to Workers’ Compensation classification field. | Can see assigned codes. | Can assign/update codes. | Hidden completely. | Compliance-critical. |
| Rate Markup | Controls visibility and editing of markup calculations for rates. | Can view applied markups. | Can change rate markup setup. | Hidden completely. | Finance-only field. |
| Crew Review | Controls access to crew review information. | Can view reviews. | Can add/edit reviews. | Reviews hidden. | Sensitive; affects HR processes. |
| Assignment Status | Controls visibility and control of assignment/job status. | Can view statuses. | Can update/change assignment status. | Status hidden. | Critical for scheduling. |
| Pay Rate | Controls access to crew/job pay rate field. | Can view pay rates. | Can change pay rates. | Hidden completely. | Confidential, restrict tightly. |
| SSN | Controls access to Social Security Number field for users. | Can view SSN (partially masked). | Can enter/edit SSN. | Field fully hidden. | Highly sensitive PII – restrict except for admins. |
| Birthdate | Controls access to user birthdate field. | Can view date. | Can modify date. | Hidden completely. | Sensitive personal data. |
| Order | Controls access to Order details data element. | Can view order assigned. | Can modify or reassign order. | Field hidden. | Linked to Job workflows. |
| Job | Controls access to Job detail data element. | Can view job assigned. | Can modify Job association. | Hidden completely. | Core staffing control. |
| User Internal ID | Controls access to system-generated internal ID. | Can see ID reference. | Can edit/override ID (rare). | Hidden completely. | Typically needed only for system admins. |
Best Practices for Managing Functional Permissions
Apply Deny for all sensitive data fields (SSN, Birthdate, Pay Rate) unless explicitly needed by a role.
Use Read-only access for most operational users — this avoids accidental edits while maintaining visibility.
Restrict Write permissions to finance, payroll, or system admins for fields like Bill Rate, Pay Rate, and Rate Markup.
Always document changes before giving Write permissions at User level.
Combine Functional-Level and Screen-Level permissions for maximum security consistency (e.g., Deny Pay Rate even if Payroll page is visible).