User Permissions

this guide covers the different global access roles you can grant in ashby, along with providing access to specific jobs and creating your own custom permission roles permissions overview ashby supports three global user roles, or permission groups, that apply to your entire organization limited access (assigned to users by default) elevated access (where access roles for jobs, departments and locations are specifically assigned) organization admin permission types this section covers global user roles and job/team/location access roles for users in the employees section of your ashby account for your external recruiting partners, check out docid\ smnq8t0nusbvnjbyjy0rs limited access limited access is the default permission option these users can see information related to the specific interviews they are associated with they cannot access candidate profiles, the candidate pipeline, jobs, sequences, or reports but will be able to view candidate resumes as part of the interview briefing this permission set is best suited for your users who only log into ashby to submit interview feedback and referrals share the docid 2 wbm9pju sowws1jhpzz guide with these users to help them get up and running with ashby limited access users cannot add reports or dashboards to their home page elevated access elevated access is the middle tier permission option these users can see candidate profiles, jobs, sequences, and reports for the teams, locations and/or jobs to which they have been granted access when assigning a user elevated access and an access role to the job, you will be able to see further details about the job you’re assigning (such as the job requisition id and the location assigned to the job) this can help ensure the user gets access to the correct role if you have multiple jobs with the same name the following access roles can be assigned to those with elevated access hiring team member (htm in the grid below) this user has access to view candidate profiles, along with email communication and any feedback this role is for users who need access to more candidate information than the details listed in an interview briefing but who won’t be reviewing applications or scheduling interviews those with hiring team member access will not be able to email or schedule interviews for candidates hiring manager (hm in the grid below) this user has access to view candidate profiles, review applications and contact and edit the candidate this is likely a user who is managing the candidate pipeline for a specific role or department (scheduling interviews, archiving candidates based on feedback, etc) admin this is a user who has all the access to manage a pipeline but they can also create new roles and submit feedback on behalf of other users this is likely a user who oversees pipelines and can set up new roles but who isn’t involved in the offer process admin private (private in the grid below) a user who needs the above permissions but also access to generate and edit offers and view any private notes or fields (like salary expectations or other sensitive information) this user also has access to view hired candidates analyst a user who should only be able to view candidate profiles and email communication, used a lot for users generating reports on specific roles external recruiter this is a role assigned for users who are a part of an agency you can read more about setting up agency users at docid\ hprdn81j0nbggnh4s je1 quality of hire (qoh in the grid below) this is a role for users who need access to quality of hire survey data, either for specific departments and jobs, or for the entire organization (more on this at docid 8hgjn7fbdlsbnk1fk 2db ) no access this role can be added to an employee profile if the user is an organization admin or has an elevated access role across the organization and you’d like them to not have access to a certain job or department the grid below outlines the actions these users can take on candidate profiles and jobs this permission set is best suited for your users who log into ashby to view and take action on candidate profiles and jobs, but shouldn’t have access to change global admin permissions like hiring managers, sourcers, and recruiting coordinators share the docid\ ku4nmt5ueos8wfrgfxqny or docid\ zhso6kjxpxfszbeso2rll guides with new elevated access users to help them get up and running with ashby keep in mind that you can assign multiple access roles to a single user for example, you can grant someone hiring manager access to the marketing team and grant them analyst access for the entire organization elevated access users can also be granted a limited set of admin permissions you can read more on this at docid\ mhy0txb4sxnqye9xkvn8e elevated access access roles grid please note that these are the default permissions settings for access roles in ashby if access roles have been amended via the docid\ be1gtv2r0jgx do5mdnr tool, please review your active access roles at admin > organization settings > https //app ashbyhq com/admin/permissions/access roles , or reach out to an organization admin for assistance permissions qoh external recruiter analyst htm hm admin private can see candidate profiles ✅ ✅ ✅ ✅ ✅ ✅ can see notes ✅ ✅ ✅ ✅ ✅ can see email communication ✅ ✅ ✅ ✅ ✅ can see feedback forms ✅ ✅ ✅ ✅ can review applications ✅ ✅ ✅ can email/schedule candidates ✅ ✅ ✅ can add/edit candidates ✅ ✅ ✅ can access/use the chrome extension ✅ ✅ ✅ can add/edit jobs ✅ ✅ can submit feedback on behalf of others ✅ ✅ can see/edit hired candidates ✅ can see private notes/fields ✅ can make one off edits to approval processes (if enabled) ✅ can see quality of hire details ✅ emailing and scheduling are done using the google workspace or microsoft 365 integrations this means users must be a part of your domain to take these actions private notes/fields permissions allow access to private fields, data exports, candidate experience survey submissions and results, offers and files marked as private for more information on enabling the option to allow one off amendments to approval processes, check out docid\ e yblrbjigpkxpxjelyjo elevated access users will be able to view candidates who have not been considered for a job yet once that candidate is considered for a role, if the role isn’t a job the user has access to, they’ll no longer be able to see that candidate within candidate search or in projects the candidate has been added to organization admin in most cases, organizations admins should not be assigned job/team access roles, as they limit the features they have access to if you include job or team access roles, the user’s permissions for the specific job(s) or team(s) will be scoped down as shown in the elevated access chart above organization admin is the most permissive option these users can see and edit candidate profiles, jobs, sequences, reports for all candidates and jobs, and merge candidate profiles they can also make changes in the https //app ashbyhq com/admin/users section and to feedback/notes added by other users this permission set is best suited for users charged with configuring your team’s ashby account like recruiting team members and co founders limitations for organization admins include if their candidate profile is linked to their employee profile, they can’t see their own info they can not see confidential jobs unless explicitly granted access to them by the person that created the job, or by being given access to all confidential roles using the has access to all confidential jobs and projects within assigned permissions option within the permissions tab of their profile if an organization admin has specific permissions set for a role or team, the actions they can take for that role or team will be limited by the scoped down permissions refer to the chart above for details on what is allowed for those permission levels if those scoped down permissions should not be applied, they can be removed by another organization admin these users should review docid\ askvbp dff9riogkazshi and docid\ qyolopaybdwsem gsxjy3 to get up and running with ashby setting up permissions when the google workspace or microsoft 365 integration is set up with user syncing, your team members will automatically be provisioned and de provisioned in ashby the default permission option granted to users is limited access, which should cover most users for users that need more permissive roles, navigate to admin > organization setup > https //app ashbyhq com/admin/users , then search for their name in the employee list or by using the search field click on the permissions tab, then select their global user role from the dropdown menu if you select elevated access, you must also add at least one team or job access role for that user to be able to view jobs and candidates considered for those jobs visibility options for more on additional visibility options, check out docid b9z1lwpznhyqfkpdv9wv custom permission roles custom permission roles allow you to create new roles alongside those listed above for elevated access users, determining the access levels that best suit your needs if those available by default aren’t suitable you can also amend the existing access roles to adjust access as needed for more on this, check out docid\ be1gtv2r0jgx do5mdnr viewing employee permission history you can view a log of any changes to an employees permissions within their employee profile navigate to admin > organization setup > employees, then click on the user profile in question navigate to the history tab from here, you’ll be able to see any changes made to the user’s permissions, along with who made the change and a timestamp showing when the change was made changes that are logged include user being activated, deactivated or terminated changes to their global access role access roles being granted, including the jobs or department the access role has been provided for access roles being revoked viewing when a user was last active employees page you can now add a last active date? column on the employees page this will show the last date a user logged in to ashby click the column icon and toggle on the last active date? option to add it to the employee view reporting on user activity this is also available as a field for reporting and filtering, so you can view active employees by their last active date or create other reports focussed around user activity here’s an example of a report grouping users with paid/free seats by their last active date report type count over time subject employees timeframe timestamp last active date group by required paid seat? want to learn more? check out the https //academy ashbyhq com/course/permissions course in ashby academy! faq what is the difference between the hiring team on a job and permissions? the hiring team on a role describes a person’s relationship to the role and enables notifications for the role the hiring team is managed on the job’s settings page being on the hiring team does not grant a user permission to take action on the role, so if a user is set as a hiring manager within the hiring team, they will need to have permissions added to access and take action on candidates and within the job itself permissions are managed on a user's employee profile and determine their access what does following a job do? if you opt to follow a job by clicking more and then follow this job within the job, in addition to receiving notifications about the job/candidate, following will cause the job and/or job considerations for the job to be included in the results when using the 'involves' filter can i edit feedback submitted by someone else? organization admins can edit feedback submitted by other users to edit feedback left by another user navigate to the candidate profile in question and locate the feedback left within their feed click more and then edit on the feedback you'd like to amend add in your amendments, then click submit to confirm your changes can i update employees’ permissions in bulk? not yet, but this is on the roadmap keep an eye on our change logs for updates! i’m an organization admin, why can’t i access this data? the culprit is likely that your account has job/team access roles assigned in most cases, organizations admins should not be assigned job/team access roles, as they limit the features they have access to if you run into this, ask another organization admin to remove those roles from your profile what permissions are necessary to be able to use the chrome extension? users need at least elevated access hiring manager permissions to source with the chrome extension what happens to user permissions when i delete a team or department the user has access to? when you archive a team or department, then choose to delete it completely, any users or agencies with access to that department will be highlighted in the delete team pop up from there, you can select another team to assign user permissions to if they shouldn’t have permission to access another team, you can keep the drop down set to no team to remove the permissions for that user what is the external recruiter access role and what access does this provide? the external recruiter role is intended for agency users those with external recruiter access will only be able to view the candidates they add to a job, or candidates that their agency are listed as the source on we’d recommend checking out our docid\ hprdn81j0nbggnh4s je1 guides and setting up an agency if you’d like to provide agency users with access these users will also be able to add candidates to the jobs they have access to what is the quality of hire access role and what access does this role provide? the quality of hire access role is for those who need access to data from quality of hire surveys, either for specific departments and jobs, or for the entire organization (more on this at docid 8hgjn7fbdlsbnk1fk 2db ) please note that adding quality of hire access role will not restrict the account permissions to just viewing quality of hire surveys and will act in addition to existing permissions in ashby those who have surveys assigned to them (the hiring manager, for example), will be able to see the data from the surveys they’ve been assigned to without needing this access what permissions does a user need to view candidate experience survey responses? organization admin or elevated access users with an admin private role can view candidate experience survey responses, either on a candidate's profile, or at reports > candidate experience surveys what permission level do i need to change a candidate’s stage or archive their job consideration? to change the stage the candidate’s job consideration is in or archive their job consideration, you would need to have elevated access hiring manager access or higher to the job, team, or location what permission level do i need to add a note to a candidate profile? a user would need to have elevated access hiring manager access or higher to the job, team or location to have the option to leave notes on a candidate profile can i assign permissions based on location? if you have users who should have access to jobs in a specific location, you can now use location based access roles to assign as needed location based access roles are assigned within the permissions tab of a user’s profile in this case, if a job is both in the engineering team and the location on the job is set to north america, the role with the more restrictive permissions should apply (so in this example, the user would have hiring team member access to the engineering role based in north america) to override this, you could set an additional access role that applies specifically to roles both in the engineering team in new york and provide that more permissive access role there what if the roles overlap? in some cases, permissions may overlap see the example below; so this user has admin level access to roles that have their location set to san francisco and are in the product engineering sub team they also have admin private access to the product engineering roles that have their location set to london and the hr roles based in europe who can see the details of a candidate’s offer? only organization admins and those with elevated access admin private access can view offer details can i view the details of any changes that were made to user permissions? yes, you can view any changes that were made to a specific user’s permissions by heading to their profile within the employees page and clicking on the history tab you'll see a timestamp, an indication of who made the change, and a description of the change can a user see information about their own interview/hiring process in a report? users won’t be able to see themselves or data about their own journey in the hiring process in reports if their ashby profile is linked to their employee profile (more on this at docid b9z1lwpznhyqfkpdv9wv ) this can result in newly added users seeing slightly different data from other users when viewing reports (for example, one less hire listed in their hire reports, as they would be included as a hire but have their candidate data hidden from them) can i set another user’s notification preferences? no, users can only set their own notification preferences within their personal settings can i give a user access to a single candidate's profile? it isn’t currently possible to give an employee access to one specific candidate profile access roles are only granted on a job, job department and/or job location basis can i edit my own permissions? no, please reach out to an organization admin to have your permissions amended how do permissions work with openings? for more on the roles that can open and link openings to jobs, check out the docid\ ksxxwi1zugaw8lrp8jwxz