One of the fundamental components of Access Management is the meticulous management of Segregation of Duties. This practice aims to mitigate the risk of internal fraud by establishing clear boundaries between the roles assigned to an employee and addressing potential conflicts of interest arising from their responsibilities. The core principle underlying this policy is that no single employee or user should hold absolute power or sole responsibility for all tasks.
Understanding TRESIO user roles and permissions
TRESIO employs a role-based access control system, where users are assigned specific roles based on their responsibilities and the functions they need to perform within the system. Common roles include: account owner, power-user and read-only user. Each user role is associated with specific permissions that dictate what actions and features they can access:
- account owner – this user has full control over the account and is able to: manage additional subscription account users; set up companies, bank accounts, integrations, employees and categories; upgrade the subscription package.
- power-user – this type of user is allowed to: set up integrations, add bank accounts, add new company employees (HR-Planning screen). Please note that a power-user is not allowed to create, modify or delete companies, categories or other subscription account users, upgrade the subscription package, or view data of companies that are not assigned to them.
- read-only – this user is restricted to viewing or reading data without the ability to make any changes. They are authorized to access only those companies that have been specifically assigned to them.
Permission | Account owner | Power-user | Read-only user |
Manage subscription account users | Yes | No | No |
Set up companies | Yes | No | No |
View companies data | Yes | Restricted | Restricted |
Add bank accounts | Yes | Yes | No |
Set up Integrations | Yes | Yes | No |
Add companies employees | Yes | Yes | No |
Set up categories | Yes | No | No |
Upgrade subscription package | Yes | No | No |
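The matrix above can be used as the baseline for an access review. The following is an added example, not TRESIO code: it encodes the table as a deny-by-default check and flags non-owner users with no linked companies. The action keys, role keys, user names and company names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Permission matrix transcribed from the table above.
# Action and role keys are names chosen for this example, not TRESIO identifiers.
MATRIX = {
    "manage_users":         {"account_owner"},
    "set_up_companies":     {"account_owner"},
    "view_company_data":    {"account_owner", "power_user", "read_only"},
    "add_bank_accounts":    {"account_owner", "power_user"},
    "set_up_integrations":  {"account_owner", "power_user"},
    "add_employees":        {"account_owner", "power_user"},
    "set_up_categories":    {"account_owner"},
    "upgrade_subscription": {"account_owner"},
}
# "Restricted" in the table: non-owners only see companies linked to them.
SCOPED = {"view_company_data"}

@dataclass
class User:
    name: str
    role: str
    companies: set = field(default_factory=set)

def is_allowed(user, action, company=None):
    """Deny by default: unknown actions and unknown roles get no access."""
    if user.role not in MATRIX.get(action, set()):
        return False
    if action in SCOPED and user.role != "account_owner":
        return company is not None and company in user.companies
    return True

def who_can(action, users, company=None):
    """Names of users allowed to perform an action, for a review report."""
    return sorted(u.name for u in users if is_allowed(u, action, company))

def review(users):
    """Flag non-owner users with no linked companies (they can view nothing)."""
    return [(u.name, "no companies linked") for u in users
            if u.role != "account_owner" and not u.companies]

# Constructed sample data.
USERS = [
    User("alice", "account_owner"),
    User("bob", "power_user", {"Acme"}),
    User("carol", "read_only", {"Acme", "Beta"}),
    User("dave", "read_only"),
]

if __name__ == "__main__":
    print(who_can("view_company_data", USERS, "Beta"))
    print(review(USERS))
```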
How to manage users
The TRESIO Users screen allows you to add, edit and delete users, and to link companies to specific users.
To add a new user, click on the ‘New’ button and provide all required data. Then, assign a ‘User type’ from the drop-down list of roles.
To edit or delete a user, select the user in the table and click on the relevant button.
How to map companies to a user
To link specific companies to a user, select the user in the ‘Manage Users’ table and click the ‘Link companies’ button.
A new table, ‘Assign companies’, will appear above the ‘Manage Users’ table. Here, you can choose the desired companies for the selected user and click the ‘Save’ button to apply the changes.