User roles and permissions
You can control access to your organization's data by assigning user roles. Most members of the organization should be granted the employee role.
All employees have access to the main pages within ChartHop, regardless of role. Only the Technical owner role and the Owner role can view administrative pages. Learn more about ChartHop navigation.
Assigning roles to the members of your organization should be a thoughtful process and follow the principle of granting users only the permissions they need and no more than that. For a number of roles, including members of HR, recruiting, finance, IT, and more, additional permissions may be appropriate, depending on the needs of your organization.
For example, a department head will have access to sensitive data, such as compensation, for all of their reports, and their reports, all the way down the tree -- but would not receive access to peers or those in other departments.
For roles that have access to sensitive data, you can further filter what those with that role can see. For example, you can assign the Org editor role to multiple people in your organization, but filter each person to see only their department.
Only users with sensitive data access can view future-dated org changes, such as unannounced promotions.
ChartHop Basic customers have only two roles to choose from Employee and Owner.
ChartHop Basic and ChartHop Standard users can only use the default roles that ChartHop provides.
ChartHop Premium customers can work with their ChartHop representative to further customize the permissions associated with roles as necessary.
The following roles are deprecated.
- Time Off Viewer
- Personal Contact Viewer
Access remains unchanged for users who have already been assigned these roles. Although new users cannot be assigned these roles.
Supports custom filters for assigned users
Allowed to see their own personal information and the sensitive information of anyone in their reporting line. This is the default access level, appropriate for most organization members.
Employee (no comp data)
The same access as an employee but without permission to view compensation data.
Same as an employee but can also see compensation data.
Can view org public data. Recommended for users outside the organization. Users who are org members can also see their own personal data, but not the sensitive data of individuals in their reporting line.
Access to all sensitive data, including compensation, with the ability to edit and make permanent changes to the primary environment. Does not have admin capabilities such as the ability to install applications or change organization-wide settings.
Allowed full access to everything, including the ability to change user permissions, configure integrations, and alter organization-wide settings. Because of the scope involved, this access should be tightly restricted.
Same as an employee and can view and edit open jobs and merge scenarios.
Allowed to view sensitive information about open jobs only, including target compensation levels and viewing all sensitive data. Not allowed to make changes to the primary timeline or access sensitive information about current employees other than those they manage.
Sensitive data viewer (Limited Comp)
Same as an employee but can also see all sensitive data except compensation for those outside of their reporting line.
Sensitive data viewer
Same as an employee but can also see all sensitive data, including for those outside of their reporting line.
Allowed to manage user permissions, configure apps and integrations, update custom fields, and alter organization-wide settings. However, they do not receive direct access to sensitive people data in the application. Because of the ability to configure data access and API keys, a Technical Owner could indirectly establish access to sensitive data (although such activity would be auditable), so this role should be granted with care to appropriate IT, staff.
The following permissions are associated with each built-in role. Customers who have ChartHop Premium can work with ChartHop technical support to customize roles for their organization.
Associated with role
Cannot view any compensation data.
Employee (no comp data)
Hide all sensitive data
Can't view any sensitive data. Sensitive data includes compensation, personal contact info, and so on.
View time off
Can view time-off information for all employees.
View personal contacts
Can view personal information of all employees.
View cash compensation
Can view cash compensation for all employees.
View equity compensation
Can view equity compensation for all employees.
View all open jobs
Can see all open jobs.
View and edit all open jobs
Can view and edit all open jobs.
View all sensitive data
Can view all sensitive data for all employees.
Can add, edit, delete, and organize fields.
Can install, configure, and uninstall apps.
Can add, edit, and delete forms.
Can add, edit, and delete users.
Can add, edit, and delete groups.
View and edit all org data
Can view and edit all org data for all employees.
Can merge scenarios.