The document outlines the security roles and permissions within the Tempworks system, detailing specific access rights for various user roles regarding document types, reports, and customer statuses. It discusses challenges related to permissions administration and contrasts security groups with teams in terms of their functionality and reporting use. Additionally, it provides guidance for bridge admins and resources for better understanding and navigating security issues in the system.

1. Security Clearance
Presented by:
Kevin Prow, Chief Information Officer
William Dewey, Implementation Manager

2. Security Roles (Enterprise)
• “Sec Roles”
• Users can have many security roles
• Gives access to forms, reports, document types, functions, customer
statuses, widgets
• Prohibits access to document types, custom data fields
• Denies read/write permissions on certain fields on forms

3. Security Roles (Enterprise)
John Doe (Service Rep)
ServiceRep
Priority: 10
PayClerk
Priority: 100
I9 Restricted
Priority: 50
Everify
Priority: 30
• Allows uploading I-9s
• Prohibits viewing I-9s
• Can not run E-Verify
• Allows viewing I-9s
• Prohibits deleting I-9s
• Can run E-Verify
• Prohibits viewing I-9s
• Prohibits uploading I-9s
• Prohibits deleting I-9s
• Cannot run E-Verify
• Allows viewing I-9s
• Allows uploading I-9s
• Allows deleting I-9s
• Can run E-Verify
What can John Doe do with I-9 documents?

4. Security Roles (Enterprise)
• Challenges
• Conflicting permissions
• Determining why something is/isn’t available
• Difficult to administer (tends to need Support assistance)
• Hard to report on/audit

5. Security Groups (Beyond)
• Security Groups
• Multiple “Types” of Groups:
• Permissions
• Document Types
• Customer Status
• Reports
• Saved Searches
• Custom Data
• Data Exports
• Message Action Types
• One group, per user, per type
• Single source of truth
• Exposed via the TempWorks API for vendors/integrations
• User-administrable

6. Security Groups (Beyond)
John Doe (Service Rep)
Document Types Permissions Reports
• Resume: Read, Write, Delete
• I9: Read, Write
• W4: Read, Write
• Can create and edit
E-Verify cases
• Can assign onboarding
workflows
• Expired I-9s Report

7. Security Groups vs. Teams
• Security Groups
• Control access
• Each person is part of one
security group, for each type
of security group
• Not for reporting
• Teams
• New concept in Beyond
• Logical groups of people
• Used in reporting
• Used for distribution, such as
tasks
• Has “owners”
• Can be part of multiple teams
• Can own multiple teams
• Doesn’t impact permissions

8. Teams
VP of Sales
Sales Manager – West Sales Manager – East
Salesperson #1 Salesperson #2 Salesperson #3 Salesperson #4

9. Bridge Admins
• Bridge admins are the people who can call
TempWorks and make decisions like;
• Make mass changes to your system
• Approve custom report
modifications
• Make security changes
• Approve billable time
• What does a bridge admin need to know?
• Understand how to administer
security within Enterprise, Beyond &
other TempWorks products.
• Understand the roles your users
need when using the TempWorks
products.

10. HAVE NO
IDEA WHAT I
AM DOING
Step 2
Use our readily available tools to learn about security
• Try searching our knowledge base
• Try using our community form
• Come to a super awesome security presentation at The Works
• Still confused? Contact a TempWorks representative.
Step 2
Understand the issue you are trying to solve
• Getting details around a scenario is very important when trying to find an
answer.
• Think about possible solutions you may already know.
Step 1 Don’t Panic

11. Understanding
Permissions in
Beyond

12. Security Group Type -
Permission
• Can edit
customer
default worker
comp codes
• Can create
employee EEO
information
• Can read
employee EEO
information
• Can update
employee EEO
information
• Can
administrate
• Can
administrate
security groups
• Can Mass
Update
Assignments
• Can Mass
Update Rates
• Can access time
entry area

13. Security Group Type – Document Type
• The document type security
group gives security groups
the ability to mark specific
TempWorks documents
types as;
• The ability to see something
(Can Read)
• The ability to change
something (Can Write)
• The ability to remove
something (Can Delete)

14. Security Group Type –
Customer Status
• Customer Status security
groups are used to grant
service representatives the
ability to change customer
status from one of the
associated customer
statuses.
• Useful for controlling the
workflow of a customer’s
development.

15. Security Group Type - Reports
• Reports security groups are
used to grant service
representatives access to a set
of reports.
• Beyond gives you the ability to
assign a “Group” of reports or
you can individually select
which reports you want to give
access to.

16. Security Group Type –
Custom Data
• Custom Data security
groups are used to limit
service representatives
access to read/write access
to custom data properties.
• Restrict the ability to see
the custom data (Deny
Read)
• Restrict the ability to edit
the custom data (Deny
Write)

17. Security Group Type – Message Action Type
• The Message Action category
sets which message action
codes a service rep can log.
• For each message action type,
you can select whether the
service rep can view (read) or
post (write) a message with
that action type.

18. Security Clearance – Q & A
Presented by:
Kevin Prow, Chief Information Officer
William Dewey, Implementation Manager