Steps to configure RBAC - Manager Delegation

Overview

Role Based Access Control (RBAC) lets you define what each user can see and do. Instead of managing permissions individually, you create named roles with specific access levels, assign users to those roles, and optionally group users into cohorts for easier management. 

Manager Delegation is an HR Admin-only feature that lets you reassign skill rating responsibility from an employee's primary manager to a secondary (delegating) manager — without removing the primary manager's visibility.

The core use case is straightforward: a primary manager may not always be the best person to assess an employee's skills, especially in matrixed teams, project-based work, or situations where a functional lead has more day-to-day visibility. Rather than restructuring the org chart, HR Admin can simply delegate rating rights to whoever is closest to the work.

RBAC is organized into three tabs: Roles, Users, and Cohort.


Creating a Role

If no roles have been set up yet, the RBAC screen shows an empty state with a Create a new role button.

  1. Go to Admin Center > Account Settings > Role Based Access Control (RBAC).

  2. Click Create a new role.
  3. Enter a Role Name (e.g., Admin, Assistant Manager, CHRO).

  4. Under Manage Permissions, toggle View and/or Edit access for each module:
    Modules (each has a View toggle and an Edit toggle):

    • Insights
    • Skill architecture
    • Admin center
    • Career paths
    • Skill validation

    Note on Skill Validation: Before enabling access here, the role must first be created in the Skill Validation platform. A warning on the screen will remind you of this.

  5. Click Create a role. A "Role created successfully" toast confirms the action.


Managing Roles

Once roles are created, they appear as cards on the Roles tab. Each card shows:

  • The role name
  • Number of users assigned
  • Add users / View users action
  • Edit role action (pencil icon)

Use the Search by role bar to find a specific role quickly. To modify permissions on an existing role, click Edit role on the relevant card.


Adding Users to a Role

After a role is created, the screen returns to the Roles tab with the success toast, and the new role card appears. The card's action reads Add users (red) while the role has zero users, and View users (grey) once users exist.

  1. On the Roles tab, click Add users on the role card (shown in red when no users are assigned yet).
  2. A two-step modal opens.

Step 1 — Add Users

Browse or search the user directory. The table shows User ID, name, email, department, location, grade, band, and manager. Check the box next to each user you want to assign to this role. Click Next.

Step 2 — Data Access Control

Define the scope of data this role can access — horizontal (by function or team) and vertical (by hierarchy level). Complete this step and save.

A user can hold multiple roles. They will appear as separate rows in the Users tab, one per role assigned.


Configure Data Access Action

When you click + Add field, two dropdowns appear beneath it. The first, Select Field, lets you choose the attribute you want to restrict access by — for example, Department, Location, Grade, or Band. The second, Select Horizontal(s), lets you pick the specific values within that field — for instance, if you selected Department, you would then choose which departments this role can see. Each field row has a delete icon on the right to remove it. You can add multiple field rows by clicking + Add field again, building up a combination of access rules if needed.

The Data Access Control panel slides in as an overlay (not a new page) on the right side. It's tied to the specific role — the header reads "Data Access Control | Role : Admin". There are two options:

  • + Add field — lets you define specific data access rules (the existing users show Horizontal and Vertical scope once configured)
  • or Provide organization level access — a checkbox that grants access across the entire org without field-level restrictions

Once your fields are configured, click Apply to save. Reset clears any unsaved changes. Users with data access rules applied will show their scope in the Data Access column on the Users tab — for example, "Horizontal - Engineering, Vertical - Customer Support." Users with no rules configured show a dash.

Creating and Managing Cohorts

Cohorts let you group users by name for access or reporting purposes.

  1. Go to the Cohort tab.

  2. Click to create a new cohort.
  3. Enter a Cohort Name (required) and an optional Description.

  4. Click Add Members from Directory to select users from the employee directory.

  5. Once members are added, click Create a cohort.

The Cohort tab header shows the total number of cohorts (e.g., Cohort (4)).

Things to Keep in Mind

  • Only users with Admin Center access can create or edit roles.
  • Skill Validation roles must be set up in the Skill Validation platform before access can be toggled on here.
  • Removing a user from a role does not delete them from the platform - it only changes their access level.
  • A user assigned to multiple roles will have the combined access of all their roles.
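
An access review based on the last point above, as an added example that is not part of the product or the original article: it unions the module permissions of each user's roles and flags organization-level scope, missing data access rules, and combined access that no single role grants. The record layout, the user IDs and the Skill Reviewer role are constructed for illustration.

```python
# Added example: role names, users and scopes are constructed sample data, and the
# record layout is an assumption, not an export format of the product.
from collections import defaultdict

MODULES = ["Insights", "Skill architecture", "Admin center",
           "Career paths", "Skill validation"]

# Role -> set of (module, "View" | "Edit") toggles, as set under Manage Permissions.
ROLES = {
    "Admin": {(m, p) for m in MODULES for p in ("View", "Edit")},
    "Assistant Manager": {("Insights", "View"), ("Career paths", "View")},
    "Skill Reviewer": {("Skill validation", "View"), ("Skill validation", "Edit")},
}

# One row per (user, role), mirroring the Users tab. scope is "ORG" (Provide
# organization level access), a dict of field -> values, or None (shown as a dash).
ASSIGNMENTS = [
    ("u100", "Admin", "ORG"),
    ("u200", "Assistant Manager", {"Department": ["Engineering"]}),
    ("u200", "Skill Reviewer", {"Department": ["Customer Support"]}),
    ("u300", "Assistant Manager", None),
]

def effective_access(assignments, roles):
    """Union the permissions of every role a user holds and collect review flags."""
    per_user = defaultdict(lambda: {"roles": [], "perms": set(), "flags": set()})
    for user, role, scope in assignments:
        entry = per_user[user]
        entry["roles"].append(role)
        entry["perms"] |= roles[role]
        if scope == "ORG":
            entry["flags"].add(f"org-level data access via {role}")
        elif not scope:
            entry["flags"].add(f"no data access rules on {role}")
    for entry in per_user.values():
        # Combined access that is strictly larger than each assigned role alone.
        if all(entry["perms"] > roles[r] for r in entry["roles"]):
            entry["flags"].add("combined access exceeds every single role")
        if any(module == "Admin center" for module, _ in entry["perms"]):
            entry["flags"].add("holds Admin center access")
    return dict(per_user)

if __name__ == "__main__":
    for user, e in sorted(effective_access(ASSIGNMENTS, ROLES).items()):
        print(user, sorted(e["roles"]), sorted(e["perms"]), sorted(e["flags"]))
```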

