User Permissions

28 min

this guide covers the different global access roles you can grant in ashby along with global access roles, you can also provide job, location and department specific access roles this ensures that your users only have access to the information they need to for more on user sync and adding new hires as users in ashby, check out how do i provision new users in my ashby account? docid\ clyuixmcc8lzcyca3umzi permissions & prerequisites you must be an organization admin to edit another user's permissions or access roles organization admins cannot edit their own permissions and will need to ask another organization admin to edit their access for them permissions overview ashby supports three global user roles, or permission groups, that apply to your entire organization limited access docid\ i5jhibmkqhyobnnvrl8rk elevated access docid\ i5jhibmkqhyobnnvrl8rk organization admin docid\ i5jhibmkqhyobnnvrl8rk permission types this section covers global user roles and job/team/location access roles for users in the employees section of your ashby account for your external recruiting partners, check out agencies users limited access limited access is the default permission option these users can see information related to the specific interviews they are associated with they cannot access candidate profiles, view candidate notes, access the candidate pipeline, jobs, sequences, or reports but will be able to view candidate resumes as part of their interview briefing this permission set is best suited for your users who only log into ashby to submit interview feedback and referrals share the getting started for interviewers guide with these users to help them get up and running with ashby limited access users cannot pin reports or dashboards to their home page elevated access elevated access users can see candidate profiles, jobs, sequences, and reports for the teams, locations and/or jobs to which they have been granted access when assigning a user elevated access and an access role to a job, you will be able to see further details about the job you’re assigning (such as the job requisition id and the location assigned to the job) this can help ensure the user gets access to the correct role if you have multiple jobs with the same name the following access roles can be assigned to those with elevated access quality of hire (qoh in the grid below) this is a role for users who need access to quality of hire survey data, either for specific departments and jobs, or for the entire organization (more on this at quality of hire surveys ) external recruiter these users can see candidate profiles but have no further permissions this is a role assigned for users who are a part of an agency you can read more about setting up agency users at agencies setup analyst a user who should only be able to view candidate profiles and email communication this access role is used a lot for users running reports hiring team member (htm in the grid below) this user has access to view candidate profiles, along with email communication and any feedback this role is for users who need access to more candidate information than the details listed in an interview briefing but who won’t be reviewing applications or scheduling interviews those with hiring team member access will not be able to email or schedule interviews for candidates hiring manager (hm in the grid below) this user has access to view candidate profiles, review applications and contact and edit the candidate they can also use the ashby chrome extension this is likely a user who is managing the candidate pipeline for a specific role or department (scheduling interviews, archiving candidates based on feedback, etc) admin this is a user who has all the access to manage candidates and the job pipeline they can also create new jobs and submit feedback on behalf of other users this is likely a user who oversees pipelines and can set up new roles but who isn’t involved in the offer process they have access to the candidate profile admin private (private in the grid below) this user has all the same permissions as the admin access role plus access to generate and edit offers and view any private notes or fields (like salary expectations or other sensitive information) this user also has access to view hired candidates no access this role can be added to an employee profile if the user is an organization admin or has an elevated access role across the organization and you’d like them to not have access to a certain job or department they will not have any access to the job, location or department this role is assigned to them for the grid below outlines the actions these users can take on candidate profiles and jobs this permission set is best suited for your users who log into ashby to view and take action on candidate profiles and jobs, but shouldn’t have access to change global admin permissions like hiring managers, sourcers, and recruiting coordinators share the getting started for hiring managers or getting started for recruiting coordinators guides with new elevated access users to help them get up and running with ashby you can assign multiple access roles to a single user for example, you can grant someone hiring manager access to the marketing team and grant them analyst access for the entire organization, so they only have additional access granted as needed elevated access users can also be granted a limited set of admin permissions you can read more on this at additional user permissions elevated access access roles grid please note that these are the default permissions settings for access roles in ashby if access roles have been amended via the manage access roles tool, please review your active access roles at admin > organization setup > access roles https //app ashbyhq com/admin/permissions/access roles , or reach out to an organization admin for assistance click on the image below to open up the access role grid a grid listing the permissions each access role has, going from quality of hire to admin private elevated access users will be able to view candidates who have not been considered for a job yet once that candidate is considered for a role, if the role isn’t a job the user has access to, they’ll no longer be able to see that candidate within candidate search or in projects the candidate has been added to organization admin in most cases, organizations admins should not be assigned job/team access roles, as they limit the features they have access to if you include job or team access roles, the user’s permissions for the specific job(s) or team(s) will be scoped down as shown in the elevated access chart above organization admin is the most permissive option these users can see and edit candidate profiles, jobs, sequences, reports for all candidates and jobs, and merge candidate profiles they can also make changes in the admin https //app ashbyhq com/admin/users section and to feedback/notes added by other users this permission set is best suited for users charged with configuring your team’s ashby account like recruiting team members and co founders potential limitations for an organization admin's access include if their candidate profile is linked to their employee profile, they can’t see their own info more on this at visibility options for users docid b9z1lwpznhyqfkpdv9wv they can not see confidential jobs unless explicitly granted access to them by the person that created the job, or by being given access to all confidential roles using the has access to all confidential jobs and projects within assigned permissions option within the permissions tab of their profile if an organization admin has specific permissions set for a role or team, the actions they can take for that role or team will be limited by the scoped down permissions refer to the chart above for details on what is allowed for those permission levels if those scoped down permissions should not be applied, they can be removed by another organization admin organization admins do not have access to quality of hire information by default, they would need to be assigned the quality of hire access role alongside their organization admin global access role these users should review ashby admin onboarding and getting started for recruiters to get up and running with ashby assigning permissions the default permission option granted to users is limited access, which should cover most users to amend a user's permissions navigate to admin > organization setup > employees https //app ashbyhq com/admin/users search for the user by their name in the employee list or by using the search field click on their profile to open up their profile details click on the permissions tab, then select their global user role from the dropdown menu if you select elevated access, you must also add at least one team or job access role for that user to be able to view jobs and candidates considered for those jobs visibility options for more on additional visibility options, check out visibility options for users custom permission roles custom permission roles allow you to create new roles alongside those listed above for elevated access users, determining the access levels that best suit your needs if those available by default aren’t suitable you can also amend the existing access roles to adjust access as needed for more on this, check out manage access roles want to learn more? check out the user permissions https //academy ashbyhq com/course/permissions course in ashby academy! faq what is the difference between the hiring team on a job and permissions? the hiring team on a role describes a person’s relationship to the role and enables notifications for the role the hiring team is managed on the job’s settings page being on the hiring team does not grant a user permission to take action on the role, so if a user is set as a hiring manager within the hiring team, they will need to have permissions added to access and take action on candidates and within the job itself permissions are managed on a user's employee profile and determine their access can i update employees’ permissions in bulk? this isn't currently possible i’m an organization admin, why can’t i access this data? it is likely that your account has job/team access roles assigned in most cases, organizations admins should not be assigned job/team access roles, as they limit the features they have access to if you run into this, ask another organization admin to remove those roles from your profile what permissions are necessary to be able to use the chrome extension? users need at least elevated access hiring manager permissions to source with the chrome extension what happens to user permissions when i delete a team or department the user has access to? when you archive a team or department, then choose to delete it completely, any users or agencies with access to that department will be highlighted in the delete team pop up from there, you can select another team to assign user permissions to if they shouldn’t have permission to access another team, you can keep the drop down set to no team to remove the permissions for that user what is the external recruiter access role and what access does this provide? the external recruiter role is intended for agency users those with external recruiter access will only be able to view the candidates they add to a job, or candidates that their agency are listed as the source on we’d recommend checking out our agencies setup guides and setting up an agency if you’d like to provide agency users with access these users will also be able to add candidates to the jobs they have access to what is the quality of hire access role and what access does this role provide? the quality of hire access role is for those who need access to data from quality of hire surveys, either for specific departments and jobs, or for the entire organization (more on this at quality of hire surveys ) please note that adding quality of hire access role will not restrict the account permissions to just viewing quality of hire surveys and will act in addition to existing permissions in ashby those who have surveys assigned to them (the hiring manager, for example), will be able to see the data from the surveys they’ve been assigned to without needing this access what permissions does a user need to view candidate experience survey responses? organization admin or elevated access users with an admin private role can view candidate experience survey responses, either on a candidate's profile, or at reports > candidate experience surveys what permission level do i need to change a candidate’s stage or archive their job consideration? to change the stage the candidate’s job consideration is in or archive their job consideration, you would need to have elevated access hiring manager access or higher to the job, team, or location what permission level do i need to add a note to a candidate profile? a user would need to have elevated access hiring manager access or higher to the job, team or location to have the option to leave notes on a candidate profile can i assign permissions based on location? if you have users who should have access to jobs in a specific location, you can now use location based access roles to assign as needed location based access roles are assigned within the permissions tab of a user’s profile in this case, if a job is both in the engineering team and the location on the job is set to north america, the role with the more restrictive permissions should apply (so in this example, the user would have hiring team member access to the engineering role based in north america) to override this, you could set an additional access role that applies specifically to roles both in the engineering team in new york and provide that more permissive access role there what if the roles overlap? in some cases, permissions may overlap see the example below; so this user has admin level access to roles that have their location set to san francisco and are in the product engineering sub team they also have admin private access to the product engineering roles that have their location set to london and the hr roles based in europe who can see the details of a candidate’s offer? only organization admins and those with elevated access admin private access can view offer details can i view the details of any changes that were made to user permissions? yes, you can view any changes that were made to a specific user’s permissions by heading to their profile within the employees page and clicking on the history tab you'll see a timestamp, an indication of who made the change, and a description of the change you can read more on this at auditing and reporting on user permissions and user active dates docid\ pec90pudqbiljnikttmlm can a user see information about their own interview/hiring process in a report? users won’t be able to see themselves or data about their own journey in the hiring process in reports if their ashby profile is linked to their employee profile (more on this at visibility options for users ) this can result in newly added users seeing slightly different data from other users when viewing reports (for example, one less hire listed in their hire reports, as they would be included as a hire but have their candidate data hidden from them) can i give a user access to a single candidate's profile? this isn't possible currently access roles are only granted on a job, job department and/or job location basis how do permissions work with openings? for more on the roles that can open and link openings to jobs, check out the openings management guide can i switch an agency user to be an employee user instead, so i can assign them different permissions? you can, yes this is usually used when you’d like to provide an agency user with additional access to certain roles (for example, the ability to schedule candidates and view all candidates considered for the role) head to admin > organization setup > agencies select the agency and the agency user in question head to the permissions tab on the user’s profile in the agency drop down, click the x beside the agency name this will remove the link between the user and the agency the user will automatically be given the limited access access role if you’d like to provide them with a specific access role to a job or department, set them to have elevated access, the determine the level of access they should have and the roles, departments or locations they should have access to if you’d like to switch an employee user to be an agency user, use the agency dropdown on the user’s profile to select an agency and assign it to the user