2Examples of Security in Performance
Examples of Security in Performance
Examples Overview
The following examples try to cover some of the basics of permissions and coverage areas.
Each example consists of a description, permissions configuration, and quick walkthrough.
Using the Talent Profile
The Talent Profile is a central piece of Taleo Performance that provides key information on employees.
Jack is a high-level manager with over 50 direct and indirect reports. He does not want to change details of indirect reports himself, but does want to view talent profiles when required during succession planning or during the review process. Elizabeth reports to Jack, but also has a number of direct reports whose talent profile she needs to view and update. Steve, who reports to Elizabeth, can access and edit some of his own details, but he should not be able to view other information which is found in the employee metrics section.
Configuration
To ensure the access is as expected the administrator must set up the Employee Profile user type permissions for the managers and employees, set up the talent profile competencies, and set up the employee metrics permissions.
Jack will have instances where he will be a higher level manager, direct manager, and employee and requires user permissions to account for each situation. Elizabeth does not have indirect reports and only requires direct manager and employee permissions, while Steve has no managerial responsibilities.
User Type Permissions | |||
---|---|---|---|
Name | Jack | Elizabeth | Steve |
Yes | |||
Yes | |||
Yes | Yes | ||
Yes | Yes | ||
Yes | Yes | ||
Yes | Yes | ||
Yes | Yes | Yes | |
Yes | Yes | Yes |
The display of Talent Profile competencies is also controlled at the user type level, but these settings are found in Configuration > [Taleo Performance] Administration > [Employee Management] > Talent Profile Competency Configuration.
Walkthrough
-
Before discussing Steve's pay raise with Jack, Elizabeth may have wanted to manually adjust some of Steve's metrics to better reflect his past twelve months. After a particularly productive year, she decides to change his Employee - Potential metric from Medium to High.
-
When Jack is involved in discussing Steve's pay raise with Elizabeth, after the completion of the annual performance reviews, he can select Steve's Talent Profile. When he does so he can see his most recent review ratings, potential and competency ratings before approving the pay raise suggested by Elizabeth. But as he does not need to make any changes, just viewing the profile is sufficient.
-
Steve can only view and access his own profile, except Metrics which are hidden from him. But as he has completed his Prince2 project management certification, he can add that to the Certifications section.
Using Coverage Areas
Coverage areas and user groups control access to users based on a combination of employee organization, location and job family. Users can have different coverage areas for each functional domain.
There are two HR Administrators with standard user type permissions for an administrator; however, one is responsible for the North East and the other for the Mid Atlantic region. This is reflected in their coverage areas, where their Functional Domains include all of the Performance modules and are the same, except that one has the Locations value North East and the other has Mid Atlantic. This ensures that they can only view and access employees that work in their region.
As Helen's current job has her in the North East region, her details can be viewed by one of the HR Administrators. The employee's location is taken from the Employee Information > Location field. Similarly, this is where the Organization and Job Role fields are, that can also be used with coverage areas.
Configuration
The user type permissions are the standard HR Administrator permissions.
Settings from both user group/coverage area and employee information are used when checking to see if an employee should be accessible to the user.
Settings | |
---|---|
User Group Constraints | Corresponding Employee values |
Coverage Areas > Organizations | Employee Information > Organization |
Coverage Areas > Location | Employee Information > Location |
Coverage Areas > Job Fields | Employee Information > Job Role |
Walkthrough
-
Helen is transferring from the North East to the Mid Atlantic and the overnight feed from the HRIS system updates Helen's record in Taleo Performance to reflect this.
-
From that point on, when the North East HR Admin views HR Administration Tools and selects a module such as Performance Review or Goal Plan, Helen is no longer included in the list.
-
The HR Admin for the Mid Atlantic now has Helen included in his list of employees when viewing modules in the HR Administration Tools.
-
If the company was to realign its personnel in the future and the North East HR Admin assumed the same role for the Mid Atlantic and added the location to his coverage area, then Helen would again be visible to that HR Admin.
Talent Pools
Talent pools help organizations plan and review their workforce beyond position-based succession plans, along with providing the ability to create groups of people for the purposes of tracking, monitoring and actioning.
Diane, the HR Manager, is the owner of the talent pool. This enables her to create it, add pool members and change owners if required. Kelly and Sam are departmental managers who will populate the pool and work with Diane to evaluate the employees and build a strong group of pool members. The focus of the pool is on building a group of talented employees for the company's North American operations.
Configuration
It is not only the talent pool permissions that are required, but to see the metrics displayed in the list view employee metrics permissions must also be granted.
User Type Permissions | |||
---|---|---|---|
Name | Diane | Kelly | Sam |
Yes | Yes | Yes | |
Yes | |||
Yes | Yes | ||
Yes | |||
Yes | Yes | ||
Yes | Yes |
In addition to the user permissions a North American user group will be created and Kelly and Sam will be added to it.
The coverage area that is added to their North American user group will include all of the Performance functional domains, as well as the locations Canada, Mexico, and United States.
The location constraint means that they can only view items, such as performance reviews and development plans, for employees that are based in one of those three regions.
The Succession Employee Search domain is only available in this context. It is used to control which employees can be found when running a search from within a Succession Plan or Talent Pool. The employees Kelly and Sam can search for are limited to those in the North American user group.
Walkthrough
Mentoring
Mentoring occurs outside of the typical hierarchical and object based security concepts and provides a simple method to give someone access to another user's information.
Henry is a senior consultant with deep-domain experience in his field and has been asked to mentor Bill and Catherine. He is not in their direct reporting line and lacks any managerial permissions for accessing their details. Because of this, specific mentoring user permissions can be used to give Henry the required access.
Configuration
To help mentor, Henry will definitely want view access to their goal plans and development plans, along with their employee profiles to see where they have the largest gaps to close. Having manage access for development plans enables him to directly assign development activities.
There are no special permissions for mentees.
User Type Permissions | |
---|---|
Name | Henry |
Yes | |
Yes | |
Yes | |
Yes | |
Yes | |
Walkthrough
-
From the Performance Card, Bill and Catherine's supervisor uses the Request Mentoring option to assign them to Henry as mentees.
-
Henry logs into Taleo Performance, and can select [Navigation bar] > More dropdown > Mentoring Center, and send feedback regarding Bill or Catherine, as well as break the mentoring relationship.
-
To view his mentees' details, he could select [Navigation bar] Profile and then select Employee.
-
By using a keyword search, Henry can select either Bill or Catherine and display their Talent Profile.
-
Now he can select from Goals Plans, Career Plans, or Development Plans.
-
Selecting Development Plan enables Henry to edit their current plans and to give them development activities that would help close their skills gap.
Matrix Management
Matrix management provides the ability to assign employees for a specific period, to matrix or proxy managers that can participate in reviews, goals, and other tasks on behalf of the primary manager.
Aasif works in the Shared Services dept and reports to Samantha. The Shared Services dept acts as a service bureau for other groups in the company and Aasif's role is to work on various project teams. He has been placed on Lewis' project team for the next six months and Lewis will serve as his proxy manager for that period.
To provide granular access to Aasif's details, matrix management user type permissions can be applied to each module, as opposed to a blanket setting for assuming the exact access Samantha has. In this way Lewis can have access to those modules that are impacted by Aasif's project work, such as Goal Plans, Development Plans, Performance Reviews and Employee Profile.
Configuration
Lewis requires additional user type permissions. The View/Manage permissions selected will enable him to take part in setting the goals and reviewing the results of the project Aasif will work on for Lewis. In case any development activities are tied to goals, access to development plans has been added as well. Having access to the talent profile is fairly standard, so the Employee Profile permission is also selected.
Samantha must have the Access Manage Matrix Manager permission, otherwise she will not be able to create the matrix manager relationship between Lewis and Aasif from the Talent Browser.
There are no special permissions required for delegated employees.
User Type Permissions | ||
---|---|---|
Name | Lewis | Samantha |
Yes | ||
Yes | ||
Yes | ||
Yes | ||
Yes | ||
Yes | ||
Yes | ||
Yes |
Walkthrough
-
With the permissions set up and with Lewis assigned as a matrix manager with Aasif as his designated employee by Samantha, he can select [Navigation bar] Profile to display his own Talent Profile.
-
He can then select Employee > Other to display the People Selector and use In my delegated employees to find Aasif.
-
Aasif's Talent Profile is displayed in read-only view, with the exception of being able to add development activities to any competencies that are displayed, based on having the Development Plans View/Manager permissions.
-
Selecting Module > Goal Plans displays Aasif's goal plan and Lewis can add goals to the plan, based on the new project work.
-
During the life of the project, Lewis can go into the goal plan and make edits if there are any changes to the project work that affect the goals.