Creating Access Groups

Objective

After completing this lesson, you will be able to create and assign access groups to manage permissions and data visibility.

Overview of Access Groups

In SmartRecruiters, controlling access to sensitive data and functionalities is crucial for ensuring that the correct users have access to the correct jobs, candidate data, and areas of the recruiting system. Access groups provide a flexible way to manage permissions for users with specific system roles.

The use of access groups with system roles provide customers with a vital tool for managing user permissions and ensuring data security. They allow administrators to define specific levels of access for different system roles within the organization.

When thinking of the overall permissions granted to a user, you will have to consider both the system role, and whether an access group is needed.

Feature	System Role	Access Group
Definition	A predefined set of permissions or capabilities (examples: create a job, edit a candidate, access settings).	A dynamic layer of permissions applied to a system role, defined by specific org fields(examples: country, department).
Example	Admin Extended Standard Basic	All Sales Jobs in France All IT Jobs in North America All Jobs for Brand X
Control Level	System-level access and feature permission.	Filtered visibility and specified access.

Note

Remember, default and custom system roles define system-level access to jobs, hiring team and analytics.

Displays system roles page, where you define default and custom roles and access levels to jobs and candidates, configuration, and analytics.

In many cases, recruiters don’t need access to all jobs, but just those that they are responsible for, such as line of business or business unit. Using access groups, a layered filter of permissions can be applied in addition to the system role that a user receives. Access groups can be used for default (except for Admin and Extended) and custom system roles defined in the system.

For example, a recruiting user can be assigned the default system role of Standard, which gives them the ability to create jobs, and access to hiring teams and certain analytic features). However, the Standard role, by default, does not grant permissions to all jobs. Without an access group assigned, this recruiter would only see jobs for which they are added to the applicable Hiring Team. If the access group is set to Sales jobs in France, the recruiter can see all jobs and applicants for the jobs where they’re on the Hiring Team, in addition to all other sales jobs located in France.

Example use case:

A company operates in the market under three different brands- A, B and C - in 2 different countries - Germany and France. Each brand has assigned recruitment teams by country who should only be able to access jobs in their own country and brand. To achieve this, 6 access groups would have to be created to match this criteria:

Access group 1 - Company A, Germany
Access group 2 - Company A, France
Access group 3 - Company B, Germany
Access group 4 - Company B, France
Access group 5 - Company C, Germany
Access group 6 - Company C, France

Let's now consider that, for each country, there's a head of recruitment activities that needs to have access to all jobs in that country regardless of brand or any other criteria. This would require 2 more access groups, one per country. Each access group would then need to be assigned by an admin to the correct user(s) via the user profile.

If a user is given multiple permissions on the same job(s), the highest permissions will be granted. For example:

If User A has limited access to all jobs, and full access to Sales Jobs in France, the user will have access to all jobs under that access group and limited access to the remaining jobs.
If User B has limited access to all jobs, and view only access to Sales Jobs in France, the user will still have limited access to all jobs.

Limited Permissions

Limited permissions allow a user to see the following information for jobs and candidates:

Jobs List Tab

Can	Can't
Filter jobs	Edit, publish, share, cancel, or delete jobs
See job location	Make referrals
See open dates	Send to Agency
See job statuses
See ref numbers

Individual job page

Can	Can't
See job location, date, status, and link	See jobs details
See basic sourcing info	See candidates comparison
See applicants list, activity, job ad, hiring process and interview tabs	Send to agency
Filter candidates	Edit, publish, unpublish, share cancel, or delete a job
See candidate name, title, source, job and status	Edit Hiring Team or Scorecard
Email, share, or invite candidates	Reject, defer, delete, hire, or mark candidate as withdrawn
Reassign or add another job
Add candidate
Compare candidates
Remove from job
See or leave ratings

People List Tab

Can	Can't
Filter candidates	Defer or delete candidate
See, candidate name, title, job applied to, status	Merge candidate profiles
See date added to system and last updated date
Add to job
Add candidate

Candidate profile

Can	Can't
See and edit contact information	Move candidate through hiring process
See emails and email candidate	Defer, reject, delete or mark as withdrawn
See notes and leave notes	Send to agency
See reviews and scorecards, leave ratings, fill out scorecards	Edit, publish, unpublish, share, cancel or delete job
Add to another job	Edit Hiring Team or Scorecard
See profile, tags, application fields	See offers or extended offers
See and edit application fields
See and add attachments
See screening questions answer
Schedule interviews
Reassign or remove from job

Watch the video on Creating Access Groups for more detailed information!

This video is for demonstration purposes. Any references made in this video to previous or later videos in this course (including titles, numbers, links, or sequence) may differ from the current course structure. Additionally, some functionalities shown may have evolved over time due to ongoing enhancements or business decisions.

Create an Access Group

Steps

Navigate to Settings.
Within the Permissions category, select Access Groups.
Select Create group.
Provide the group information, including:
1. Access group name
2. Short Description
Within the configuration section, select the appropriate organization information to define this access group.

Example

Displays the Create access group page, where the group name, description, brands, and countries are identified when creating a group.

Assign Access Groups to a User

Steps

Navigate to Settings.
In the Permissions section, select User Management.
Find the user you wish to modify in the list of users.
To the right of their name and email, select the pencil icon.
Under User role, select the role you wish to assign to the user.
Click Save.

Best Practices When Working with Access Groups

Regularly Review Access Groups: Periodically review access groups to ensure that they still align with the organization's needs and security policies.
Use Descriptive Names: Use clear and descriptive names for access groups to make them easy to identify and manage. Deciding on a naming convention format also helps future Access Groups Management.
Minimize Overlapping Permissions: Avoid assigning overlapping permissions to users to prevent confusion and potential security risks.
Document Access Group Policies: Maintain documentation outlining the purpose and permissions of each access group for reference and auditing purposes.

Summary

Access groups in SmartRecruiters provide a way to manage permissions and data visibility for users with specific system roles.
Access groups act as a dynamic layer of permissions, filtering access based on organizational criteria such as country or department.
System roles define what a user can access, while access groups determine the jobs and candidates they can access.
When a user is assigned multiple permissions, the highest level of permission is granted.
Best practices for Access Groups include regular reviews, descriptive names, minimizing overlapping permissions, and documenting policies.

Next lesson