1. Implementing Performance Security and Permissions

2Examples of Security in Performance

Examples of Security in Performance

    Examples Overview

    The following examples try to cover some of the basics of permissions and coverage areas.

    Each example consists of a description, permissions configuration, and quick walkthrough.

      Using the Talent Profile

      The Talent Profile is a central piece of Taleo Performance that provides key information on employees.

      Jack is a high-level manager with over 50 direct and indirect reports. He does not want to change details of indirect reports himself, but does want to view talent profiles when required during succession planning or during the review process. Elizabeth reports to Jack, but also has a number of direct reports whose talent profile she needs to view and update. Steve, who reports to Elizabeth, can access and edit some of his own details, but he should not be able to view other information which is found in the employee metrics section.

      Configuration

      To ensure the access is as expected the administrator must set up the Employee Profile user type permissions for the managers and employees, set up the talent profile competencies, and set up the employee metrics permissions.

      Jack will have instances where he will be a higher level manager, direct manager, and employee and requires user permissions to account for each situation. Elizabeth does not have indirect reports and only requires direct manager and employee permissions, while Steve has no managerial responsibilities.

      User Type Permissions
      Name Jack Elizabeth Steve
      Performance > Employee Metrics > View - If this user is a higher level manager Yes
      Performance > Employee Profile > View - If this user is a higher level manager Yes
      Performance > Employee Metrics > View - If this user is the direct manager Yes Yes
      Performance > Employee Metrics > Manage - If this user is the direct manager Yes Yes
      Performance > Employee Profile > View - If this user is the direct manager Yes Yes
      Performance > Employee Profile > Manage - If this user is the direct manager Yes Yes
      Performance > Employee Profile > View - If this user is the owner Yes Yes Yes
      Performance > Employee Profile > Manage - If this user is the owner Yes Yes Yes

      The display of Talent Profile competencies is also controlled at the user type level, but these settings are found in Configuration > [Taleo Performance] Administration > [Employee Management] > Talent Profile Competency Configuration.

      Note: The specific employee metrics that can be displayed are controlled by the Configuration > [Taleo Performance] Administration > [Employee Management] Metrics Configuration settings, while the specific talent profile sections and fields that are displayed are controlled by the Configuration > [Taleo Performance] Administration > [Employee Management] Talent Profile Section Configuration settings.
        Walkthrough

        1. Before discussing Steve's pay raise with Jack, Elizabeth may have wanted to manually adjust some of Steve's metrics to better reflect his past twelve months. After a particularly productive year, she decides to change his Employee - Potential metric from Medium to High.

        2. When Jack is involved in discussing Steve's pay raise with Elizabeth, after the completion of the annual performance reviews, he can select Steve's Talent Profile. When he does so he can see his most recent review ratings, potential and competency ratings before approving the pay raise suggested by Elizabeth. But as he does not need to make any changes, just viewing the profile is sufficient.

        3. Steve can only view and access his own profile, except Metrics which are hidden from him. But as he has completed his Prince2 project management certification, he can add that to the Certifications section.

          Using Coverage Areas

          Coverage areas and user groups control access to users based on a combination of employee organization, location and job family. Users can have different coverage areas for each functional domain.

          There are two HR Administrators with standard user type permissions for an administrator; however, one is responsible for the North East and the other for the Mid Atlantic region. This is reflected in their coverage areas, where their Functional Domains include all of the Performance modules and are the same, except that one has the Locations value North East and the other has Mid Atlantic. This ensures that they can only view and access employees that work in their region.

          As Helen's current job has her in the North East region, her details can be viewed by one of the HR Administrators. The employee's location is taken from the Employee Information > Location field. Similarly, this is where the Organization and Job Role fields are, that can also be used with coverage areas.

          Configuration

          The user type permissions are the standard HR Administrator permissions.

          Settings from both user group/coverage area and employee information are used when checking to see if an employee should be accessible to the user.

          Settings
          User Group Constraints Corresponding Employee values
          Coverage Areas > Organizations Employee Information > Organization
          Coverage Areas > Location Employee Information > Location
          Coverage Areas > Job Fields Employee Information > Job Role
            Walkthrough

            1. Helen is transferring from the North East to the Mid Atlantic and the overnight feed from the HRIS system updates Helen's record in Taleo Performance to reflect this.

            2. From that point on, when the North East HR Admin views HR Administration Tools and selects a module such as Performance Review or Goal Plan, Helen is no longer included in the list.

            3. The HR Admin for the Mid Atlantic now has Helen included in his list of employees when viewing modules in the HR Administration Tools.

            4. If the company was to realign its personnel in the future and the North East HR Admin assumed the same role for the Mid Atlantic and added the location to his coverage area, then Helen would again be visible to that HR Admin.

              Talent Pools

              Talent pools help organizations plan and review their workforce beyond position-based succession plans, along with providing the ability to create groups of people for the purposes of tracking, monitoring and actioning.

              Diane, the HR Manager, is the owner of the talent pool. This enables her to create it, add pool members and change owners if required. Kelly and Sam are departmental managers who will populate the pool and work with Diane to evaluate the employees and build a strong group of pool members. The focus of the pool is on building a group of talented employees for the company's North American operations.

              Configuration

              It is not only the talent pool permissions that are required, but to see the metrics displayed in the list view employee metrics permissions must also be granted.

              User Type Permissions
              Name Diane Kelly Sam
              Common > Pools > View - If this user is the pool owner or a pool user Yes Yes Yes
              Common > Pools > Manage Yes
              Common > Pools > Manage - If this user is the pool owner or a pool user Yes Yes
              Performance > Employee Metrics > View Yes
              Performance > Employee Metrics > View - If this user is the direct manager Yes Yes
              Performance > Employee Metrics > View - If this user is a high level manager Yes Yes

              In addition to the user permissions a North American user group will be created and Kelly and Sam will be added to it.

              • The coverage area that is added to their North American user group will include all of the Performance functional domains, as well as the locations Canada, Mexico, and United States.

              • The location constraint means that they can only view items, such as performance reviews and development plans, for employees that are based in one of those three regions.

              • The Succession Employee Search domain is only available in this context. It is used to control which employees can be found when running a search from within a Succession Plan or Talent Pool. The employees Kelly and Sam can search for are limited to those in the North American user group.

              Image showing an example of coverage area. The coverage area includes all the Performance functional domains, as well as the locations Canada, Mexico, and United States.

                Walkthrough

                1. Diane can access [Navigation bar] > More dropdown > Talent Pools and create a talent pool. This includes adding Kelly and Sam as pool users.

                2. As pool users, they can now log into Taleo Performance and begin adding pool members. They can search within their reporting structure and network or they can use keywords to find users in the system.

                  Being included in the North American user group, their search results will be limited to employees whose location is either Canada, Mexico, or the US. This does not impact searches for candidates, as candidates do not have the user account OLF values that employees have, which are checked when a search is run.

                3. After they have added the pool members, when they are in List view they will only be able to see the Review Rating, Risk of Loss and Potential values for employees they are line managers for or who sit under them in the organization structure. If they see different member's metrics it is because Kelly and Sam have different hierarchical relationships with those members.

                  If they have added candidates to the pool, candidates do not have metrics so there are no values to display.

                  Mentoring

                  Mentoring occurs outside of the typical hierarchical and object based security concepts and provides a simple method to give someone access to another user's information.

                  Henry is a senior consultant with deep-domain experience in his field and has been asked to mentor Bill and Catherine. He is not in their direct reporting line and lacks any managerial permissions for accessing their details. Because of this, specific mentoring user permissions can be used to give Henry the required access.

                  Configuration

                  To help mentor, Henry will definitely want view access to their goal plans and development plans, along with their employee profiles to see where they have the largest gaps to close. Having manage access for development plans enables him to directly assign development activities.

                  There are no special permissions for mentees.

                  User Type Permissions
                  Name Henry
                  Performance > Performance Reviews > View - If this user is a mentor
                  Performance > Performance Reviews > Manage - If this user is a mentor
                  Performance > Goal Plans > View - If this user is a mentor Yes
                  Performance > Goal Plans > Manage - If this user is a mentor
                  Performance > Career Plans > View - If this user is a mentor Yes
                  Performance > Career Plans > Manage - If this user is a mentor
                  Performance > Development Plans > View - If this user is a mentor Yes
                  Performance > Development Plans > Manage - If this user is a mentor Yes
                  Performance > Employee Metrics > View - If this user is a mentor
                  Performance > Employee Metrics > Manage - If this user is a mentor
                  Performance > Employee Profile > View - If this user is a mentor Yes
                  Performance > Employee Profile > Manage - If this user is a mentor
                    Walkthrough

                    1. From the Performance Card, Bill and Catherine's supervisor uses the Request Mentoring option to assign them to Henry as mentees.

                    2. Henry logs into Taleo Performance, and can select [Navigation bar] > More dropdown > Mentoring Center, and send feedback regarding Bill or Catherine, as well as break the mentoring relationship.

                    3. To view his mentees' details, he could select [Navigation bar] Profile and then select Employee.

                    4. By using a keyword search, Henry can select either Bill or Catherine and display their Talent Profile.

                    5. Now he can select from Goals Plans, Career Plans, or Development Plans.

                    6. Selecting Development Plan enables Henry to edit their current plans and to give them development activities that would help close their skills gap.

                      Matrix Management

                      Matrix management provides the ability to assign employees for a specific period, to matrix or proxy managers that can participate in reviews, goals, and other tasks on behalf of the primary manager.

                      Aasif works in the Shared Services dept and reports to Samantha. The Shared Services dept acts as a service bureau for other groups in the company and Aasif's role is to work on various project teams. He has been placed on Lewis' project team for the next six months and Lewis will serve as his proxy manager for that period.

                      To provide granular access to Aasif's details, matrix management user type permissions can be applied to each module, as opposed to a blanket setting for assuming the exact access Samantha has. In this way Lewis can have access to those modules that are impacted by Aasif's project work, such as Goal Plans, Development Plans, Performance Reviews and Employee Profile.

                      Configuration

                      Lewis requires additional user type permissions. The View/Manage permissions selected will enable him to take part in setting the goals and reviewing the results of the project Aasif will work on for Lewis. In case any development activities are tied to goals, access to development plans has been added as well. Having access to the talent profile is fairly standard, so the Employee Profile permission is also selected.

                      Samantha must have the Access Manage Matrix Manager permission, otherwise she will not be able to create the matrix manager relationship between Lewis and Aasif from the Talent Browser.

                      There are no special permissions required for delegated employees.

                      User Type Permissions
                      Name Lewis Samantha
                      Performance > Performance Reviews > View - If this user is a matrix manager Yes
                      Performance > Performance Reviews > Manage - If this user is a matrix manager Yes
                      Performance > Goal Plans > View - If this user is a matrix manager Yes
                      Performance > Goal Plans > Manage - If this user is a matrix manager Yes
                      Performance > Development Plans > View - If this user is a matrix manager Yes
                      Performance > Development Plans > Manage - If this user is a matrix manager Yes
                      Performance > Employee Profile > View - If this user is a matrix manager Yes
                      Performance > Employee Profile > Manage - If this user is a matrix manager
                      Performance > Team Management > Access Manage Matrix Manager Yes
                        Walkthrough

                        1. With the permissions set up and with Lewis assigned as a matrix manager with Aasif as his designated employee by Samantha, he can select [Navigation bar] Profile to display his own Talent Profile.

                        2. He can then select Employee > Other to display the People Selector and use In my delegated employees to find Aasif.

                        3. Aasif's Talent Profile is displayed in read-only view, with the exception of being able to add development activities to any competencies that are displayed, based on having the Development Plans View/Manager permissions.

                        4. Selecting Module > Goal Plans displays Aasif's goal plan and Lewis can add goals to the plan, based on the new project work.

                        5. During the life of the project, Lewis can go into the goal plan and make edits if there are any changes to the project work that affect the goals.