website logo
ChartHop documentation
Carrot reference
Release notes
Navigate through spaces
ChartHop documentation
Carrot reference
Release notes
⌘K
Welcome
Welcome to ChartHop documentationšŸš€
Available ChartHop packages
Getting Started
ChartHop Video Library
Navigating ChartHop
ChartHop terminology
Markdown formatting
Filtering data
Home page
Visualizing your organization
Org Chart
Map
Data Sheet
Employee Profiles
Setting up ChartHop
Creating your ChartHop org
Importing spreadsheet data
Configuring your Org settings
User management
Permissions and security
Creating and managing groups
Customizing ChartHop
Forms
Fields
Customizing employee profiles
Document templates
ChartHop apps and bundles
ChartHop apps
ChartHop bundles
Performance management
Performance reviews
Org management
About org management
Working with jobs
Working with people
Working with job history
Announcing org changes
Planning
Scenarios
Headcount planning
Compensation reviews
Legacy compensation reviews
Compensation bands
Viewing your people data
ChartHop reports
Partners
Sequoia getting started
Accessing ChartHop as a Sequoia customer
ChartHop first run guide for Sequoia customers
ChartHop features available to Sequoia customers
Troubleshooting common sync errors
Developers
ChartHop connect
Developer basics
Events
Syncing data to/from ChartHop
Resources
ChartHop Standard Terms and Conditions
ChartHop Basic Agreement
Data Processing Addendum
Privacy policy
Security statement
Subprocessors
FAQ
Docs powered byĀ archbeeĀ 

User roles and permissions

Packages: Basic | Standard | Premium

You can control access to your organization's data by assigning user roles. Most members of the organization should be granted the employee role.

All employees have access to the main pages within ChartHop, regardless of role. Only the Technical owner role and the Owner role can view administrative pages. Learn more about ChartHop navigation.

Assigning roles to the members of your organization should be a thoughtful process and follow the principle of granting users only the permissions they need and no more than that. For a number of roles, including members of HR, recruiting, finance, IT, and more, additional permissions may be appropriate, depending on the needs of your organization.

For example, a department head will have access to sensitive data, such as compensation, for all of their reports, and their reports, all the way down the tree -- but would not receive access to peers or those in other departments.

For roles that have access to sensitive data, you can further filter what those with that role can see. For example, you can assign the Org editor role to multiple people in your organization, but filter each person to see only their department.

Only users with sensitive data access can view future-dated org changes, such as unannounced promotions.

ChartHop Basic customers have only two roles to choose from Employee and Owner.

ChartHop Basic and ChartHop Standard users can only use the default roles that ChartHop provides.

ChartHop Premium customers can work with their ChartHop representative to further customize the permissions associated with roles as necessary.

The following roles are deprecated. 

  • Time Off Viewer
  • Personal Contact Viewer

Access remains unchanged for users who have already been assigned these roles. Although new users cannot be assigned these roles.

Built-in user roles

Role

Description

Supports custom filters for assigned users

Employee

Allowed to see their own personal information and the sensitive information of anyone in their reporting line. This is the default access level, appropriate for most organization members.



Employee (no comp data)

The same access as an employee but without permission to view compensation data.



Compensation viewer

Same as an employee but can also see compensation data.

X

Guest

Can view org public data. Recommended for users outside the organization. Users who are org members can also see their own personal data, but not the sensitive data of individuals in their reporting line.



Org editor

Access to all sensitive data, including compensation, with the ability to edit and make permanent changes to the primary environment. Does not have admin capabilities such as the ability to install applications or change organization-wide settings.

X

Owner

Allowed full access to everything, including the ability to change user permissions, configure integrations, and alter organization-wide settings. Because of the scope involved, this access should be tightly restricted.

X

Recruiting Editor

Same as an employee and can view and edit open jobs.



Recruiter

Allowed to view sensitive information about open jobs only, including target compensation levels and viewing all sensitive data. Not allowed to make changes to the primary timeline or access sensitive information about current employees other than those they manage. Can merge scenarios.

X

Sensitive data viewer (Limited Comp)

Same as an employee but can also see all sensitive data except compensation for those outside of their reporting line.

X

Sensitive data viewer

Same as an employee but can also see all sensitive data, including for those outside of their reporting line.

X

Technical owner

Allowed to manage user permissions, configure apps and integrations, update custom fields, and alter organization-wide settings. However, they do not receive direct access to sensitive people data in the application. Because of the ability to configure data access and API keys, a Technical Owner could indirectly establish access to sensitive data (although such activity would be auditable), so this role should be granted with care to appropriate IT, staff.

X



Built-in permissions

The following permissions are associated with each built-in role. Customers who have ChartHop Premium can work with ChartHop technical support to customize roles for their organization.

Permission

Description

Associated with role

Standard access



All roles

Hide compensation

Cannot view any compensation data.

Employee (no comp data)

Hide all sensitive data

Can't view any sensitive data. Sensitive data includes compensation, personal contact info, and so on.



View time off

Can view time-off information for all employees.



View personal contacts

Can view personal information of all employees.



View cash compensation

Can view cash compensation for all employees.

Compensation viewer

View equity compensation

Can view equity compensation for all employees.

Compensation viewer

View all open jobs

Can see all open jobs.

Recruiter

View and edit all open jobs

Can view and edit all open jobs.

Recruiting editor

View all sensitive data

Can view all sensitive data for all employees.

  • Org editor
  • Owner

Manage fields

Can add, edit, delete, and organize fields.

Technical owner

Manage apps

Can install, configure, and uninstall apps.

Technical owner

Manage forms

Can add, edit, and delete forms.

Technical owner

Manage users

Can add, edit, and delete users.

  • Owner
  • Technical owner

Manage groups

Can add, edit, and delete groups.

  • Org editor
  • Technical owner

View and edit all org data

Can view and edit all org data for all employees.

Owner

Merge scenarios

Can merge scenarios.

Recruiting editor

Administrator

No restrictions.

Owner

Updated 17 Jan 2023
Did this page help you?
Yes
No
UP NEXT
Sensitive data
Docs powered byĀ archbeeĀ 
TABLE OF CONTENTS
Built-in user roles
Built-in permissions