Standard Security Entities

The following table defines Standard Security Entities included in our PEO product. Your ClientSpace installation may have a different list of available entities that include custom security entities. Where entities are system-generated, such as for dataform or template security, guidelines have been provided that discuss the standardized formats used to generate the entity name.

Entity Description Required Rights
biz_ClientDistressCallOwner

Used to configure a user as the owner on distress calls.


biz_ClientServiceCase_Email_Notifications

Enables a user to receive email messages from the nightly CSC notification process.

View
biz_clientservicecase_massupdate

Controls access to the Mass Update button on the Case Search dashboard


 biz_ClientServiceCase_QuickCase

Controls access to the Quick Case button on the Cases (Cases 2.0) dashboard.

Add

biz_clientservicecase_subscriptions

Allows access to the Case Type Subscriptions link on the user profile.


biz_clientteam_massupdate

Controls access to the Mass Update button on the Team Search dashboard


biz_CommissionDetail_SalesEntity

 

Add/Edit
biz_crm_show_snapshot

Allows the user to see the Client Snapshot if they have access to the workspace

View
biz_EditAdmin_After_Submit

Allows the user to edit the following fields in the Admin Fees and Taxes and Other Fees fieldsets of a Pricing Batch record on the Pricing Console until Pricing is Locked:

Admin Fees

  • Override Billing For This Batch

  • Pricing Method

  • Admin%

  • Per Head Fee (annl)

  • Per Head Fee (mth)

  • Per Check Fee

  • First Check Supplement

  • Per Invoice

  • Flat Fee (monthly)

  • Minimum Admin Per Head

  • Minimum Admin Per Account

Taxes and Other Fees

  • Billing Client Modifier

Note:  Edit access to the Pricing Batch form (gen_PricingBatch) is also required to activate this security role entity.

View

biz_EditSurcharge_After_Submit

Assigning either View OR Admin rights allows a user with appropriate rights to the Surcharges form to edit the values in the Surcharge Type, Quantity, and Surcharge Amt fields and access the Override Surcharge Amt checkbox after pricing is submitted and until pricing is locked. Once pricing is locked, the system does not allow a user to edit the fields.

 

Note: 

  • The entity is supplemental and will not override form-level security provided by the gen_Surcharges entity. It will also not override any field-level security on individual pricing fields. Any user who is not in a role that allows them general access to view and edit the Surcharges form (as well as access to view and edit any individually secured pricing fields on the Surcharges form) will not be granted access by the biz_EditSurcharge_After_Submit entity to edit surcharge pricing fields after pricing is submitted.

  • By default, Global Administrators can edit the Surcharge record pricing fields up until pricing is locked without this entity assigned.

See Creating Pricing.

View/Admin

biz_EditSUTA_After_Submit

Allows the user to edit the value in the SUTA Bill Rate field until Pricing is Locked. Once Pricing is Locked, the system does not allow a user to edit the SUTA Bill Rate. See Creating Pricing.

View
biz_EditWC_After_Submit

Allows the user to edit the value in the pricing state WC Discount and Client Modifier fields, and also override the pricing code Net Comp Rate field until Pricing is locked. Once Pricing is Locked, the system does not allow a user to edit these fields.

View
biz_pricing_batch_can_override_admin_percent

Used in Pricing Batch business rule HE_ValidateAdminPercentage which fires when a user tries to enter an Admin Percentage lower than the Default Admin Percentage. Having this entity allows the user to bypass this validation.


biz_pricing_batch_multibatch

Enables use of multiple comparison batches


biz_pricing_code_can_view_header


View
biz_pricing_state_can_override_premium_discount



biz_pricing_submitted_batch

Users with View rights to this entity can edit pricing fields when the Batch is in Submitted and Underwriting status. Otherwise, the pricing fields can only be edited when the Batch is in New status.

View
biz_pricingconsole_canchangeuser

Users allowed to change pricing console user filter


biz_pricingconsole_breakdown

User allowed to see the pricing breakdown matrix at the bottom of the pricing console and in the pricing widget on the workspace landing page.

Note:  By default, Global Admin users cannot view the pricing breakdown matrix at the bottom of the pricing console. Add this entity to the Global Administrator role or another role to which the user is a member so that Global Admin users can view the pricing matrix.

View
biz_pricingconsole_add_statecodes_activatedstatus

Controls access to the Add State & Code button on the Pricing Console. When the status of the Pricing Batch is Activated, you can secure the button so that only certain user roles can perform the action.

Add
biz_surcharge_can_view_header


View
biz_surcharges_clientsetup

SecEntity associated with Client Setup Field access on the Pricing Console.


biz_view_pc_gp_after_commissions

Allow visibility to Pricing Console Gross Profit After Commissions

View
biz_workflow_benefitbenefitplan_activate

Controls access to the Company Benefits Plan workflow link - activate

View
biz_workflow_benefitbenefitplan_expire

Controls access to the Company Benefits Plan workflow link - expire

View
biz_workflow_benefitbenefitplan_pending

Controls access to the Company Benefits Plan workflow link - set to pending

View
biz_workflow_benefitbenefitplan_reject

Controls access to the Company Benefits Plan workflow link - reject

View
biz_workflow_benefitbenefitplan_select

Controls access to the Company Benefits Plan workflow link - select

View
biz_workflow_benefitplan_activate

Controls access to the Administrative Benefits Plan workflow link - activate

View
biz_workflow_benefitplan_cancel

Controls access to the Administrative Benefits Plan workflow link - cancel

View
biz_workflow_benefitplan_expire

Controls access to the Administrative Benefits Plan workflow link - expire

View
biz_workflow_benefitplan_pending

Controls access to the Administrative Benefits Plan workflow link - pending

View
biz_workflow_benefitplan_renew

Controls access to the Administrative Benefits Plan workflow link - renew

View
biz_workflow_cm_accept

Controls access to Client Master pricing workflow link - accept

Edit
biz_workflow_cm_activate

Controls access to Client Master pricing workflow link - activate

Edit
biz_workflow_cm_activate_future

Controls access to Client Master pricing workflow link - activate future (based on activation date)

Edit
biz_workflow_cm_activate_now

Controls access to Client Master pricing workflow link - activate now

Edit
biz_workflow_cm_approve

Controls access to Client Master pricing workflow link - approve

Edit
biz_workflow_cm_clone

Controls access to Client Master pricing workflow link - clone (pricing batch)

Edit
biz_workflow_cm_contract_signed

Controls access to Client Master pricing workflow link - contract signed

Edit
biz_workflow_cm_create_batch

Controls access to Client Master pricing workflow link - 

Edit
biz_workflow_cm_decline

Controls access to Client Master pricing workflow link - decline an existing batch

Edit
biz_workflow_cm_expire

Controls access to Client Master pricing workflow link - expire an existing batch

Edit
biz_workflow_cm_kill

Controls access to Client Master pricing workflow link - kill an existing batch

Edit
biz_workflow_cm_reactivate

Allows the reactivation of RFPs that were set to Dead

Edit
biz_workflow_cm_reinstate

Allows you to re-instate a terminated client

Edit
biz_workflow_cm_reprocess

Allows you to re-process a batch, sets it back to pre-submit

Edit
biz_workflow_cm_submit

Allows you to submit a batch from the Client Master header link

Edit
biz_workflow_cm_terminate

Allows you to Terminate a client from the Client Master Header link (moves client to Pending Termination Status)

Edit
biz_workflow_coi_approve

Allows access to the Approve link on Certificate of Insurance 

View
biz_workflow_coi_cancel

Allows access to the Cancel link on Certificate of Insurance 

View
biz_workflow_coi_expire

Allows access to the Expire link on Certificate of Insurance 

View
biz_workflow_coi_issue

Allows access to the Issue link on Certificate of Insurance 

View
biz_workflow_employeebenefits_renew

Controls access to the Renew Link on the EmployeeBenefits dataform

View
biz_workflow_pb_accept

Controls access to the Pricing Batch workflow link - accept 

Edit
biz_workflow_pb_activate

Controls access to the Pricing Batch workflow link - activate 

Edit
biz_workflow_pb_activate_future

Controls access to the Pricing Batch workflow link - activate future  - based on activation date

Edit
biz_workflow_pb_approve

Controls access to the Pricing Batch workflow link - approve 

Edit
biz_workflow_pb_clone

Controls access to the Pricing Batch workflow link - clone 

Edit
biz_workflow_pb_decline

Controls access to the Pricing Batch workflow link - decline 

Edit
biz_workflow_pb_kill

Controls access to the Pricing Batch workflow link - kill 

Edit
biz_workflow_pb_submit

Controls access to the Pricing Batch workflow link - submit 

Edit
biz_workflow_pc_activate

Controls access to the Pricing Code workflow link - activate

Edit
biz_workflow_pc_decline

Controls access to the Pricing Code workflow link - decline

Edit
biz_workflow_policy_sendcoi

Controls access to the Workers' Comp Policy action link to send certificates of insurance 

View
biz_workflow_ps_activate

Controls access to the Pricing State workflow link - activate

Edit
biz_workflow_ps_approve

Controls access to the Pricing State workflow link - approve

Edit
biz_workflow_ps_decline

Controls access to the Pricing State workflow link - decline

Edit
biz_workflow_ps_kill

Controls access to the Pricing State workflow link - kill

Edit
biz_workflow_ps_submit

Controls access to the Pricing State workflow link - submit

Edit

BusinessIntelligenceModule

Controls whether the Delete button is present for non-administrator and developer users on the Business Intelligence User dashboard module.

Note: By default, this security entity is added to the EVERYONE role with View, Add, Edit and Delete access set. However, Add rights still require the User Details Reporting Profile assignment to have the Allow Report Creation flag checked.

View/Add/Edit/Delete

CRM_CanSaveDuplicates

Controls whether a CRM user can save a duplicate organization or must request review

View
gen_dataformname

Dataform security

View/Add/Edit/Admin
gen_dataformName_field

Dataform Field security

View/Add/Edit/Admin
gen_DiscussionMessage

Security entity used to control access to the Case Discussion and Case Attachments dataforms.

Note: By default, this security entity is added to the EVERYONE role with View, Add, and Edit access set.

View/Add/Edit/Delete/Admin
gen_Surcharges

Security entity used to control access to the Pricing Console Surcharges section.

Note: By default, Global Administrators can delete surcharges. Other users requiring access to delete surcharges must be assigned the gen_surcharges Delete rights. If a surcharge type is secured, they will also need Delete rights to the entity for that surcharge type.

View/Add/Edit/Delete/Admin

Incident

Allows the user to view, add, and edit tasks. This entity is present by default PEO Employee Role) with View/Add/Edit rights.

View/Add/Edit

Incident_Audit Trail

Gives Audit Trail access to a user who is not a Global Administrator. (Global Admin users can view the Audit Trail by default.) If a user has the Incident_AuditTrail entity with View access, the magnifying glass icon used to access the Audit Trail displays in the Action Center toolbar of the Task form. They can view changes to the tasks they have access to regardless of the user that made the change.

View

Incident_Can_Add_Without_Dataform

Allows the user to view, add, and edit tasks. You can use the Add button on Task Manager dashboards and the plus (+ ) icon on the Task Manager widget. A workplace selector displays with both options.

View/Add/Edit
Incident_AllowTaskMaintance

Allows the User to edit a Task even when they are not the user indicated as Owner, Assigned To, Creator, or listed in the Subscribe panel.


Incident_Fieldname

Controls field-specific security on the task - not configurable

View/Add/Edit

Incident_Dash_CanViewAllUsers

Unlocks the User search field on the Task Search Module.


Incident_IsActive

Secures the Active option on Tasks. This does not affect mass updates through the task manager. Users with the rights to perform mass updates can still mark a task as Inactive by completing and archiving the task.

View

PricingConsole

At least View rights are required to provide access to Pricing Console.

View
ProfitabilityBreakdown

Allows the user to view the profit information at the bottom of the Pricing Console.

View
QuickEdit

At least Add rights required to provide access to Enhanced Pricing Console Quick Edit Form

Add/Edit/Admin
QuickEdit_ClientModifier

Works like dataform field security

View/Add/Edit/Admin
QuickEdit_CurrentEffectiveCompRate

Works like dataform field security

View/Add/Edit/Admin
QuickEdit_EffectiveCompRate

Works like dataform field security

View/Add/Edit/Admin
QuickEdit_fkCompCodeID

Works like dataform field security

View/Add/Edit/Admin
QuickEdit_FullTimeEmployees

Works like dataform field security

View/Add/Edit/Admin
QuickEdit_GrossPayroll

Works like dataform field security

View/Add/Edit/Admin
QuickEdit_OverrideBAF

Works like dataform field security

View/Add/Edit/Admin
QuickEdit_PartTimeEmployees

Works like dataform field security

View/Add/Edit/Admin
QuickEdit_PayFrequency

Works like dataform field security

View/Add/Edit/Admin
QuickEdit_PremiumDiscount

Works like dataform field security

View/Add/Edit/Admin
QuickEdit_State

Works like dataform field security

View/Add/Edit/Admin
QuickEdit_SUTA

Works like dataform field security

View/Add/Edit/Admin
QuickEdit_SUTARate

Works like dataform field security

View/Add/Edit/Admin
SurchargeType_ClientSetup

SecEntity associated with ClientSetup Surcharge Type.


tblContact_IsActive

Security on the Contact table

View/Add/Edit
tblOrganization_IsActive

Security on the Organization table

View/Add/Edit
template_templatename_member

Template security (replacing TemplateName with the actual name of the associated template). Allows a user to create workspaces for this template.


{TableName}_$Attachment

Security entity used to secure the Dataform Attachment Action item

View/Add/Edit/Admin

CRM_$Attachment

Security entity used to secure the Organization and Contact attachment Action item

View/Add/Edit/Admin
Incident_$Attachment

Security entity used to secure the Task Attachment Action item

View/Add/Edit/Admin

TimeTracker

Security entity used to secure Time Tracker module records.

Note: 

  • By default, this security entity is added to the EVERYONE role with View, Add, and Edit rights set. This allows users to view/edit and add their own Time Tracker records.

  • Assigning View only access still allows users to edit their own Time Tracker records.

  • Delete rights can be added to a non-admin user to allow them to delete their own Time Tracker records.

  • The ability to View, Add, Edit and Delete Time Tracker records of ALL users requires Admin access. (This does not apply to Global Administrators as they have Admin rights in Time Tracker by default and do not require security entity assignment.)

View/Add/Edit/Admin

UnderwriterApprView

Allows user access to all Approval records. (NOT real-time – only applies when the Approval is created.)

View/Add/Edit/Admin