Set security levels
This is an administrative function only. Only users with certain permissions can perform these tasks.
Security levels enable you to refine the security of your employee records at individual employee level. Managing security levels is complex, and we recommend that you discuss them with your IRIS Cascade consultant or service desk.
Security levels add an extra layer of restriction to users’ access, which can extend the security provided by roles and profiles.
When to use security levels
For most organisations, roles, profiles and the hierarchy provide enough security and there is no need to use security levels.
For example, typical employees do not need a security level, as they only ever access their own record. The same applies to line managers, as they only see their own record and the records of their direct reports.
However, you may need to prevent users such as HR administrators who have a global view of the organisation from viewing the records of other specific employees (for example, directors or other members of the HR team) and you can use security levels to do this.
How security levels work
The security level system works by comparing two numbers: the first number is stored on each employee’s Work screen, and the second is a value in each employee’s user account.
If the user account value is less than the Work screen value, the user can access that employee. If the user account value is greater than the Work screen value, the user is not allowed to access that employee.
The values can be any number between 0 and 100. By default, every employee’s Work screen value is set to 100 and every user account is set to 0. This means that by default no security level restrictions are active.
Security level table
If you decide that you need to use security levels, you must first think about which employees will be on which level before you start, as it can be difficult to make changes after the levels have been rolled out. It may help to plan out security levels in a grid similar to the one below.
Note that rather than setting the values of the levels close together (1, 2, 3 etc) it is better to use bigger gaps/numbers (10, 20, 30 etc), so that if you want to add more levels in the middle you can do so without having to rearrange all the values.
| Who | Level to see other records (user account) | Level to be seen (Work screen) |
| HR system admin | 0 | 10 |
| Directors | 0 | 10 |
| HR admin team | 50 | 20 |
| IT team | 100 | 50 |
| All other employees | 100 | 100 |
If you use this plan, HR system administrators will have full visibility of all employees, as will the directors. However, each HR administrator will be unable to view the other HR administrators, the system administrators, and the directors.
Set a user’s security level for viewing other employees
The security level for viewing other employees is set in each user account.
-
Go to Admin > Users, Profiles & Roles.
-
Select Users then click the user whose security level you want to change
-
Select the Login Details tab.
-
In the Security Levels box, type a level number.
-
Select Save.
Set a user’s security level for being viewed by other employees
The level that the system uses for deciding who can view an employee’s record is held on the Work screen.
To change this security level, go to the employee’s Work screen and type the appropriate number in the Security Level field.