Configure User Role Authorizations

Role authorizations define what access rights a role has to different types of information in Dayforce. You can assign four types of authorizations: 

• Can Create: The role can add new items of the associated information.
• Can Read: The role can read items of the associated information.
• Can Update: The role can edit the details of existing items of the associated information.
• Can Delete: The role can delete items of the associated information.

See Apply Access Authorizations to Grids.

When you assign the Can Create, Can Update, or Can Delete access authorization, you should also assign the Can Read authorization to ensure that the user role can view the information that the role will access.

Not all access authorizations are shown for all roles. Child roles can only view and update the access authorizations that were assigned to them by their parent role. See User Roles.

Each role can have one, several, or no authorizations for a type of information in Dayforce. For example, you could grant access to a Payroll Administrator role to all four authorizations for the Pay Export Configuration item, which means users assigned the Payroll Administrator role can read the Pay Export XML definitions configured in Pay Setup, change them, create an export definition, or delete existing definitions, while a user with the Store Manager role that has only Can Read access can view the export definitions but can't add, update, or delete Pay Export XML definitions.

A role's authorizations can impact different areas of Dayforce. For example, the Pay Information authorization impacts the ability to view employee pay rates and amounts in several timesheets features. Roles without Can Read access for this authorization can't view this pay data, even when they’re assigned role access to the features.

Access authorizations also control permissions for forms. When a user with a role that has authorization to access to a form is assigned Can Create access, but not Can Update or Can Delete access for the associated authorization, that user can create new employee records but can't edit or delete existing records.

You can define as many role authorizations as you need to implement appropriate information security. To assign role authorizations to role types:

1. Go to System Admin > Roles and select a role in the list.
2. Click the Authorizations tab.
3. Select the checkboxes for Can Create, Can Read, Can Update, or Can Delete corresponding with each authorization to grant access permissions to the selected role.
4. Click Save.