You can create custom roles tailored to your company. With customizable roles, you can define exactly which platform features a user can access and assign granular permissions based on their role. Additionally, you can configure the access scope for the custom role to grant or restrict access to cases dynamically—based on the case answers provided.
With Case Level Access you can also adjust an admin’s access at the individual case level as needed regardless of their role. Read more about Case Level Access here.
This completely configurable functionality helps to streamline user management, protect confidentiality and boost productivity by ensuring users see only the features, data and information relevant to them.
IMPORTANT: AllVoices default roles cannot be edited or changed at the role level. However, with case level access you can override default permissions as needed on a case-specific basis.
The ability to configure custom roles is only accessible by users with the AllVoices’ default role Owner or if the admin is assigned a custom role in which the 'Settings & Configuration Features’ section is enabled.
Custom Roles
Below we’ve outlined which features and case sections can be accessed or restricted at the role level. You will also have fine-grained control over what users can do within each section based on their user role such as: (View, Create, Edit, Delete).
Once created the role can be assigned to individual users, granting them access rights as defined by the role configuration.
IMPORTANT SECURITY CONSIDERATIONS:
- When creating a custom role it is important to define the access scope otherwise the user will get access to ALL of the cases in the system by default.
- Granting Manage Access - Edit Permissions under Case Management grants the admin the ability to override other admins default role permissions on specific cases as needed (this should only be enabled for high level administrators)
- Creating a custom role with Settings & configuration features grants the ability for admins to add other administrators and change their roles. (This should only be reserved for the highest level of administrator)
- If you have an HRIS integration, Granting Access to the Employees Profiles will give the custom role user access to sensitive PI employee data being synced from your HRIS system. (This should only be reserved for high level administrators)
The following Features can be restricted at the role level:
Below is a list of features within the platform that can be restricted based on the user’s custom role configuration.
| Case Management |
Ability to access AllVoices cases Additionally, granular permissions can be set to restrict users from specific sections of the case including Performance improvement and Investigations. |
| Charts & Insights |
Ability to access AllVoices Charts dashboard Additionally granular permissions can be set to restrict users from specific features on the charts dashboard including: Creating Views and Scheduling reports |
| Vera | Ability to access AllVoices AI copilot Vera throughout the platform and all the Vera features including: Vera’s summaries, Tasks, recommendations, chats, auto-fill and auto-draft, policy analysis and precedent |
| Settings & Configurational Features |
Ability to control: Adding and managing system admin access and custom roles, Customizations, Train Vera, Investigation templates, SLAs and Reminders, Slack and HRIS Integrations, and Case Form config These permissions are grouped and should only be enabled for the highest level administrator due to the ability to grant system access and edit form configs. |
| Employee Profiles | Ability to look up and view employees profiles and any associated cases involving that employee which they have access to |
Custom roles will not be able to access Pulse Surveys, Engage or Benchmarking (Insights).
How to create a custom role:
Navigate to “Admins & Permissions’ in the settings dropdown and click on the ‘Roles and Permissions’ tab.
At the top you will see AllVoices default roles and any custom roles that your company has. To learn more about default roles you can visit the default roles guide. To get a full breakdown of each role’s permissions click on the list icon next to the role name.
To Create a Custom role click Add New Role
Name
First Name the custom role. Choose something identifiable as this will be the display name admins see throughout the system and when adding new admins to your AllVoices instance.
Description
Provide a description for the role. It can be helpful to include details as to why this role was created and differs from other system roles.
For Example: Owner Admin- Ethics. This role has default access to all Ethics cases and can adjust Settings and Configurational features.
Access Scope
Next define the Access Scope:
IMPORTANT: This defines the scope of access for the role within the system. If no scope is defined the role will have access to ALL cases in the system by default.
By defining the Access Scope you can grant or restrict access to cases and data in the system dynamically based on Case Answers.
First select when all conditions are true OR when any condition is true.
Next, add the conditions:
All dropdown questions on your case form configuration will be available. Select the question, and whether the answer(s) selected should be equal to or not equal to.
For example: A user may want to create an admin that has default access to Ethics cases. In order to do so they would select:
- Question: Issue Type
- Is Equal to
- Ethics and compliance
The above example conditions would grant the admin default access to all Ethics cases in the system historically or going forward unless explicitly blocked by the reporter or another admin. The admin will only be able to access non-Ethics cases if added manually by another admin or routing rule.
You can add as many conditions as you would like.
IMPORTANT: By default the user will have access to all cases and data that meets the conditions defined in the Access Scope including historical cases unless Access Scope is Overridden.
Overriding Access Scope:
You may choose to override the Access Scope at the Case Management or Chart Feature level when creating a custom role.
If overridden the condition(s) defined in the Access Scope will no longer apply for that feature and the user will have access to either all case data or no case data for the specified feature unless explicitly shared with them.
Feature Permissions
Next, enable Feature Permissions.
Case Management:
Below is a list of case sections and functionality that can be restricted based on the user’s role configuration.
If Override Access Scope toggle is disabled for Case Management:
- User will have default access to all cases in system that match the conditions defined under Access Scope and those that are explicitly shared
If Override Access Scope toggle is enabled for Case Management:
- You can select which access you want the user to have as this will override the Access Scope conditions set for this feature.
- If All is selected user will have default access to all cases in the system regardless of conditions
- If None is selected, the user will not have access to any cases in the system. Unless shared manually by admin or routing rule.
Additionally you can set (View, Create, Edit and Delete) access for the various case sections listed.
IMPORTANT: ‘Manage Access -Edit’ permissions, will grant the custom role user the ability to restrict or grant access to specific sections of a case overriding role-based permissions on individual cases as needed. This should only be enabled for high level administrators as it allows the user to restrict or override role permissions of other admins access at the case level.
Charts and Insights
You can choose to enable the Charts and Insights Feature for the Custom Role.
If Override Access Scope toggle is disabled for Charts:
- User will have default access to all cases in system that match the conditions defined under Access Scope and those that are explicitly shared
If Override Access Scope toggle is enabled for Charts:
- You can select which access you want the user to have and this will override the Access Scope conditions set for this feature.
- If All is selected user will have default chart data for to all cases in the system regardless of conditions
- If None is selected, the user will not have access to chart data in the system except for cases that are explicitly shared.
Additionally you can set View, Create, Edit and Delete access for Charts, Scheduling Reports, and Creating Chart Views.
Vera
You can choose to enable the Vera for the Custom Role.
If ‘View’ is enabled the Custom role will be grated the ability to access AllVoices AI Copilot Vera throughout the platform including: Vera’s summaries, Tasks, recommendations, chats, auto-fill and auto-draft, policy analysis and precedent.
Employee Profiles
You can choose to enable Employee Profiles for the Custom Role.
This will grant access to employees profiles and will show linked cases that the custom role user has access to for that employee.
IMPORTANT: If you have an HRIS integration, Granting Access to the Employees Profiles will give the custom role user access to sensitive PI employee data being synced from your HRIS system at the employee profile level. (Therefore this permission should only be reserved for high level administrators)
Popular Uses for Custom roles 👍
- Data role - Ability to view data
- System Config role - Ability to configure system settings but not view cases
- Ability to create cases but not view
- Ability to configure which cases admins can access dynamically based on case answers
- For example you may want to separate cases for HR and Ethics teams
- Limit which sections of the cases admins can view, create, edit or delete
- Limit which features an admin can see including: Charts/Insights, Vera, Settings and Configurational features, Employee Profiles