Roles are rights configurations that you can associate with several users.
They allow you to save time and increase security in managing access rights for your different users.
This article describes the steps involved in creating and configuring a role that you can then associate with one or more users.
Create a role
From an existing role
Administration > Managers / Roles > Roles tab
Note
There are two types of roles:
"Managers" roles
These are accessible only to resources with a manager account; they allow you to configure access to all your modules.
"Intranets" roles
These are accessible only to resources with an intranet account; they allow you to configure only activity entry (timesheets, expenses, absences, provider invoices).
By clicking the + button, you can create a role manually, but this requires you to completely rethink the accessible perimeters and restrictions you want to set up for your managers.
We therefore recommend creating your roles directly from an existing one to save time and maintain your logic on the main modules.
When you choose "Create a role from a template" you can select from your existing roles.
You just need to name it and then check the access for the different modules to adapt it to your needs. For example, this allows you to create a restricted role and then a broader one for senior profiles (e.g., junior sales / senior sales).
If the list is empty, it means you haven't created any roles yet, but don't worry, our library is available to help you!
Note
Your Boond interface comes with 4 default roles:
- A "Super user" Manager role: has access to everything
- Three Intranet roles: Intranet Employee, Intranet Freelance, Intranet Subcontractor:
The intranet employee by default gives access to Timesheets, Expenses, and Absences modules
The intranet subcontractor by default gives access to Timesheets and Expenses modules
The intranet freelance by default gives access to Timesheets, Expenses, and My invoices modules
Of course, you can edit the default configuration if needed, create new intranet roles (only if you subscribed to the Enterprise offer), and finally choose the appropriate intranet when activating the intranet for your resources (see the dedicated article here).
⠀
From our role library
You can also create your roles based on the library provided.
For each role, you will have access to a description indicating the main functions and perimeters. You can, of course, modify them afterwards.
Configure a role
⠀
General information
Agencies
When you configure roles, you define accessible perimeters for each module. So, when your interface contains several legal agencies, you can create a global role and then decide that secondary agencies are managed by the manager's card, or create specific roles per agency and indicate that secondary agencies are enforced by the role.
In any case, managers will always be linked to a main agency.
This configuration will later allow you to specify "His Agencies" (meaning: main agency and secondary agencies) in the module access perimeter and thus hide certain data.
Poles
The logic is the same for poles.
Note, there is no obligation to have poles. They simply allow you to segment your activity differently than through agencies by linking cards.
Thus, two cards from different agencies can be linked to the same pole. You can filter by pole in different modules and also do reporting by pole.
Our recommendation
For uniformity in roles, it is preferable to have only one role that adapts to the manager's agencies and poles (unless you have specific requirements), so it is better to manage agencies and poles by manager rather than by role.
⠀
General module configuration
You can choose to activate modules or not, then click the cogwheel to configure access.
Globally, for each module you have 3 configurable sections:
Then, specific features for each module.
Module specifics
Candidates module
In the Candidates module, you can restrict access based on card type and their state.
Exclusion of cards by type
This allows you, for example, to hide data you consider confidential, such as candidate cards for people in structure (staff).
In the example above, the manager will see the candidate list and information displayed when in list view (emails and phones in particular), but access will be denied when clicking on them.
Exclusion of cards by state
This allows you, for example, to hide data you consider confidential, such as the Administrative tab containing contract simulation and the future employee's salary.
In the example above, the manager will see the candidate in the list and all their information, except the Administrative tab and its contents.
Restrictions can be combined.
Warning
This does not make the card invisible; it will still appear in the module's global search view.
Restrictions apply only if the user and their N-1 are not the main manager of the card.
Contracts
Access to candidate contract data depends on the rights given in the Cards section and restrictions. Additionally, the user can read and write contracts for candidates whose "Administrative data" group is accessible in write mode.
In the "Other" section, you can also decide whether to allow the manager to create contract simulations.
⠀
Resources module
In the Resources module, you can restrict access:
based on card type
if the resource has a manager account
if the resource does not have a manager assigned (usually directors)
As with candidates, these restrictions can hide all information on the card or only certain tabs.
Warning
This does not make the card invisible; it will still appear in the module's global search view.
Restrictions apply only if the user and their N-1 are not the main manager of the card.
⠀
CRM module
The CRM module is divided into two parts: companies and contacts.
Permissions
The CRM module's permission perimeter is very granular. You can detail your managers' rights based on:
Their main and secondary agencies
Their poles
Their business units
Their perimeter and their N-1's perimeter as main manager
Their perimeter and their N-1's perimeter as influencer
For example, in the following configuration:
The user will be able to:
Read all "Company" cards in the group
Read and write all cards within their perimeter as main manager, all cards where they are influencer, and all cards where their N-1 are main manager and/or influencer.
Read and write all cards whose main manager or influencer is a manager in their business unit.
For example: Michel and Pierre are part of the Digital business unit, so with these rights, Michel can view and edit Pierre's cards if Pierre is manager or influencer of the card in question.
It is also possible to limit only to N-1 if they are main manager ("the user and their N-1 as main manager"), or if they are influencer ("the user and their N-1 as influencer").
Did you know?
Rights cards add up, so you can always create the broadest card and then refine it to indicate that your manager has the right to see this element + that one.⠀
Tip: duplication
It is possible to set different access perimeters for companies and contacts.
This allows you to grant exactly the same rights on company cards and contact cards, but you can modify them after duplication.
For example, in the following configuration:
We duplicated the configuration and then deleted the card granting access to all contact cards in the group. Thus, the user:
Has read access to all company cards in the group, then read and write access to all cards in their perimeter, their N-1's perimeter, and their business unit's perimeter
Has read and write access only to contact cards in their perimeter, their N-1's perimeter, and their business unit's perimeter
⠀
Opportunities module
Opportunity viewing and search rights
If you want your user to see all opportunities associated with certain cards (companies, contacts, etc.) without seeing all opportunities from the search view, this section will interest you.
For example:
If nothing is checked: opportunities are visible in the relevant tab within the limits of the authorized perimeters indicated above
If items are checked: all opportunities are visible in the relevant tab regardless of the perimeter indicated above
Even if they are visible in the list, opportunities will only be clickable if the rights defined in the module's "Card" configuration allow it.
Usage example: you want salespeople to filter on certain perimeters in the Opportunities module but still be able to see all opportunities linked to a company or contact before prospecting them.
Tip:
The Opportunities module is divided into two submodules: Opportunities and Positionings. If your access logic is identical for both submodules, you can use duplication for search filters and accessible views in the Search configuration
This allows you to grant exactly the same access perimeters in search for opportunity cards and positioning cards. You can modify them after duplication.
Access to cards
Access to positionings depends on the rights configured in the Opportunities module in the Card configuration section.
If access is granted to the "positionings" data group, the user can view/create positionings on positionings
If you want the user to edit positionings, they must also have the right to edit main data
For example, in this configuration the user can read and write on opportunities in their perimeter and in their N-1's perimeter, and thus access all related positionings and assign profiles themselves.
⠀
Projects module
Project viewing and search rights
Projects are visible from several places in Boond: the Projects module, the Projects tab in Resource cards (which also gives visibility on deliveries), the Projects tab in CRM cards (companies and contacts), the Projects tab in product cards.
Thus, in the "Search" configuration of the Projects module, you can decide to make projects visible on a given perimeter or on all projects combined.
This means: see all project cards in the group from each search view or from the "projects" tab in resource cards, for example.
For example:
If nothing is checked: projects are visible in the relevant tab within the limits of the authorized perimeters indicated above
If items are checked: all projects are visible in the relevant tab regardless of the perimeter indicated above
Tip: duplication
The Projects module is divided into two submodules: Projects and Deliveries. If your access logic is identical for both submodules, you can use duplication for search filters and accessible views in the Search configuration
This allows you to grant exactly the same access perimeters in search for project cards and delivery cards. You can modify your configuration after duplication.
Exclusion of cards by state
This allows you, for example, to "close" an archived project so it can no longer be modified.
In the example above, the manager will see the list of accessible projects in their perimeter and see the main and consumption data, but will not be able to modify the cards or access restricted tabs.
Restrictions can be combined.
Warning
This does not make the card invisible; it will still appear in the module's global search view.
Restrictions apply only if the user and their N-1 are not the main manager of the card.
⠀
Activity and Expenses module
Search rights
The Activity & Expenses module is divided into several submodules:
Timesheet
Expense report
Absence request
Imposed absences
Validation
Thus, in search views you can choose which items to display and filter by submodule. For example, this allows you to decide that a manager can filter on all timesheets in their agency but only expense reports for their N-1.
Tip: duplication
If your access logic is identical for all submodules, you can use duplication for search filters and accessible views in the Search configuration.
This allows you to grant exactly the same access perimeters in search in the Activity and Expenses submodules. You can modify your configuration after duplication.
Access to cards
The particularity of the Activity & Expenses module is that access to its cards depends on the rights indicated in the Resources module. Thus, in the Resources module you indicate read and write rights on timesheets, expense reports, and absence requests, then in the Activity & Expenses module you define the access perimeter in list view for the cards. Therefore:
Depending on the rights configured in the Resources module in the Card configuration section:
The user can read and write timesheets for resources whose "Timesheets" group is accessible in read mode or for whom they are validator
The user can read and write expense reports for resources whose "Expense reports" group is accessible in read mode or for whom they are validator
The user can read and write absence requests for resources whose "Absence requests" group is accessible in read mode or for whom they are validator
Absolute validation
In the Other configuration of the module, you can choose to activate the checkbox: Always allow to validate, unvalidate, and reject activity & expenses.
Once this checkbox is activated, the user can validate, reject, or unvalidate instead of another manager even if they are not in the workflow. With this checkbox, they can also self-validate, unvalidate, and reject their own documents.
⠀
Billing module
Invoice and order viewing and search rights
Orders and invoices are visible from several places in Boond: the Billing module, the Billing tab in CRM cards (companies and contacts).
The search configuration allows you to filter and search on wider or narrower perimeters. The key "see all cards in the group" overrides these perimeters in the mentioned views, i.e.: in the Billing module (without filter) and in the CRM tabs (companies and contacts).
However, the invoice card is only clickable if your access rights allow it.
Tip: duplication
The Billing module is divided into two subcategories: Invoices and Orders. If your access logic is identical for both submodules, you can use duplication for search filters and accessible views in the Search configuration
This allows you to grant exactly the same access perimeters in search for Invoice cards and Order cards. You can modify them after duplication.
⠀
Purchases module
Viewing and search rights
If you want your user to see all purchases associated with certain cards (companies, contacts) without seeing all opportunities from the search view, this section will interest you.
For example:
If nothing is checked: purchases are visible in the relevant tab, within the limits of the authorized perimeters indicated above
If items are checked: all purchases are visible in the relevant tab, regardless of the perimeter indicated above
⠀
Tip: duplication
The Purchases module is divided into two subcategories: Purchases and Payments. If your access logic is identical for both submodules, you can use duplication for search filters and accessible views in the Search configuration
This allows you to grant exactly the same access perimeters in search for Purchase cards and Payment cards. You can modify them after duplication.
Other rights
⠀
Reporting
In this section you can:
Enable reportings the manager can access
Configure search rights for these reportings
⠀
Miscellaneous
In this tab you can configure certain rights for various options.
Actions
In the Actions module, you can configure:
Note
From the Search section you can go further regarding action viewing and, by checking the boxes, allow access to all actions of candidate/resource/contact/company cards for which the "Action" data group is accessible in read mode.
⠀
Flags
You can configure:
Notification Center
You can configure search rights on the module.
Forms
This feature allows you to send surveys to your employees.
You can configure:
Sharing / Collaboration
You can share cards, start a discussion thread, share your saved searches, action templates, and email templates.
In the Search section, you can determine who this role can share items with and notify in discussion threads. This allows you to secure and refine the list of people you share items with and avoid being overwhelmed by a long list.
In the Miscellaneous section, you can allow people with this role to share their saved searches, action templates, and email templates.
Warning
⠀
Enabling this option allows your employee to access all discussion threads of cards they access.
Download Center
Each time a document is exported from Boond, it appears in the download center.
You can configure which perimeter your employee can filter on and thus allow them to access downloads from:
all managers
managers from their agencies
managers from their poles
their N-1 managers
themselves (if everything is unchecked)
Activity log
Enabling this option allows your employee to access all logs tracking various modifications made by your users on cards or events such as shares, exports, etc...
If you enable this option, you can configure search rights.
Subscription
Enabling this option allows the manager to access your BoondManager subscription information and also retrieve invoices we provide.
⠀
Administration
Warning!
Enabling any section in this box grants access to the Administration interface for the activated options.
Managers
Enabling this option allows, depending on search rights, access to cards and other rights, to:
view the list of managers
create and configure a manager account / a role
delete a manager account / a role
activate/deactivate an account
log in to the manager's account
Roles
Enabling this option allows your manager to create roles and thus configure access rights to different modules.
Legal Agencies
If this option is enabled, the user will access configuration of your legal agencies.
Warning
In this section you configure, by agency:
the footer of your documents
operation of timesheets, expenses, and absences,
contractual and non-contractual benefits
bank details, invoice reference mask
etc.
⠀
Poles
If this option is enabled you allow the manager to create poles.
Business units
If this option is enabled you allow the manager to create business units.
Global settings and translations
If this option is enabled you allow the manager to create and edit your references.
Warning
Your references are shared across all your legal agencies.
Action templates
If this option is enabled you allow the manager to view action templates shared with them.
Task lists
If this option is enabled you allow the manager to create and edit all your task lists.
Shared searches
If this option is enabled you allow the manager to access the list of saved searches shared with them.
Apps / Marketplace
If this option is enabled you allow your manager to install applications and also configure access for them.
Warning
Some applications may grant access to sensitive data (salaries, margins, personal data, ...). A Manager who can install apps can also decide their visibility for your users. This right must be used with great caution.
⠀
Import your data
Enabling this option allows your manager to import data on candidates, resources, CRM (companies and contacts), actions, and opportunities.
Developer space
Enabling this option allows your manager to create apps, activate a sandbox, and access the API token.
Webhooks
Enabling this option allows your manager to access the list of webhooks and manage them.
⠀
Apps
You can choose the applications the manager will have access to and also configure rights for some of them.
⠀
Warning
Some applications may grant access to sensitive data (salaries, margins, personal data, ...). When granting access to applications, ensure (via the configuration cogwheel) that you do not grant access to unwanted data.
Permissions and alerts
In this section you can:
Enable exclusive authentication from a trusted third party
Email alert if your account is used from a device you haven't used yet
Manage a list of authorized devices allowed to log in