Authorization concept
The authorization concept in Nesto enables you to allow certain functions for each employee. Either predefined roles can be used for this or rights can be assigned individually.
Where can I find the system access??
System access must be activated for each employee and can be found in the navigation menu under Employees > Master Data - then select an employee and navigate to the System access tab. Employees must have an e-mail address stored for access, as this is required to activate an account. If an e-mail address is stored, system access is granted in the first step.
How can I assign rights to an employee?
The prerequisite for assigning authorizations is that the employee has access to Nesto. A distinction is then made between the authorizations of the employee app and the authorizations of Nesto Backoffice.
User roles can be assigned in Nesto Backoffice.
Can rights also be assigned individually?
Yes, it is generally possible to grant each user more or fewer rights. If a role has too few rights, additional rights can be added. Conversely, if a role has too many rights, you can simply select a role with fewer rights or no rights for the employee and then assign them individual rights. However, user roles themselves cannot be customized.
Can an employee have different rights at different locations?
Yes, the rights are assigned per location. For example, an employee can have the manager role at one location, the assistant role at another location and only one right (e.g. control of recorded working hours) at a third location.
Which role has which rights?
Brief description of the roles:
Admin
Usual role in the company: Nesto manager or management
Rights include: Granting back office rights, distributing new administrator roles, processing requirements planning
Manager
Usual role in the company: Person responsible for an organizational unit, e.g. operations management
Rights include: Full access to employee master data, all operationally necessary rights, creation of new employees, rights for the employee app (but no rights for the back office), daily closing, approval of duty rosters
HR manager
Usual role in the company: HR manager
Rights include: Full access to employee master data and the back office, assignment of further back office rights, payroll details, access to individual evaluations
Controller
Usual role in the company: Controller, area manager
Rights include: Viewing duty rosters and key figures, reopening completed days
Assistant
Usual role in the company: Employees who perform initial management tasks
Rights include: Checking and correcting recorded working times, creating duty rosters (but not granting approval)
Detailed information on the rights of a user role:
Shopfloor management |
Admin |
Controller |
HR manager |
Manager |
Assistant |
Shopfloor management dashboard | |
| |
|
|
Report sick on dashboard |
|
|
|
|
|
Labor scheduling |
Admin |
Controller |
HR manager |
Manager |
Assistant |
Day planner |
|
|
|
|
|
Week planner |
|
|
|
|
|
Month planner |
|
|
|
|
|
Employee-centered planner |
|
|
|
|
|
Release labor schedule |
|
|
|
|
|
Release labor schedule with violations |
|
|
|
|
|
View planned labor cost ratio |
|
|
|
|
|
View planning-relevant data from employees in other organizational units[1] |
|
|
|
|
|
[1] View planning-relevant data for other locations: This right enables you to view the availabilities, planned and recorded working times of employees who are loaned to other organizational units.
Recorded working times |
Admin |
Controller |
HR manager |
Manager |
Assistant |
View recorded working times (incl. editing comments) |
|
|
|
|
|
Change recorded working times |
|
|
|
|
|
Execute labor cost simulation |
|
|
|
|
|
Execute labor cost simulation incl. management costs |
|
|
|
|
|
Labor cost report |
|
|
|
|
|
Perform daily closing |
|
|
|
|
|
Withdraw daily closing |
|
|
|
|
|
Evaluation |
Admin |
Controller |
HR manager |
Manager |
Assistant |
Day analysis |
|
|
|
|
|
Benchmarking |
|
|
|
|
|
Performance evaluation |
|
|
|
|
|
Vacation planning |
Admin |
Controller |
HR manager |
Manager |
Assistant |
Vacation overview |
|
|
|
|
|
Vacation reduction |
|
|
|
|
|
Employee master data |
Admin |
Controller |
HR manager |
Manager |
Assistant |
Full access |
|
|
|
|
|
General |
|
|
|
|
|
Personal |
|
|
|
|
|
Contract data |
|
|
|
|
|
See management costs |
|
|
|
|
|
Availabilities |
|
|
|
|
|
Qualifications |
|
|
|
|
|
Working hours |
|
|
|
|
|
Working time account |
|
|
|
|
|
Absences |
|
|
|
|
|
Notes |
|
|
|
|
|
Special payments |
|
|
|
|
|
Delete employee |
|
|
|
|
|
Employee document management |
Admin |
Controller |
HR manager |
Manager |
Assistant |
Full access |
|
|
|
|
|
Incoming documents |
|
|
|
|
|
Read |
|
|
|
|
|
Upload |
|
|
|
|
|
Delete |
|
|
|
|
|
Employee system access |
Admin |
Controller |
HR manager |
Manager |
Assistant |
System access[2] |
|
|
|
|
|
My Nesto (employee app) |
|
|
|
|
|
Assign authorizations for Nesto Backoffice[3] |
|
|
|
|
|
[2] System access: Basic access to the system (log in, change password, etc.)
[3] Nesto back office: Only authorizations and roles that are assigned to you can be assigned.
Employee archive |
Admin |
Controller |
HR manager |
Manager |
Assistant |
Read employee archive |
|
|
|
|
|
Reactivate employee |
|
|
|
|
|
Payroll export |
Admin |
Controller |
HR manager |
Manager |
Assistant |
Location transmission |
|
|
|
|
|
Employee overview |
|
|
|
|
|
Employees |
|
|
|
|
|
Central document upload |
|
|
|
|
|
Export |
Admin |
Controller |
HR manager |
Manager |
Assistant |
Full access |
|
|
|
|
|
Working times |
|
|
|
|
|
Absences |
|
|
|
|
|
Employee lists[4] |
|
|
|
|
|
Payroll exports |
|
|
|
|
|
Vacation accruals |
|
|
|
|
|
Monthly vacation accruals |
|
|
|
|
|
Working time change history |
|
|
|
|
|
Support assignments[5] |
|
|
|
|
|
Total annual surcharges[6] |
|
|
|
|
|
Working time accruals |
|
|
|
|
|
[4] Employee list: Only master data that can be viewed can be exported.
[5] Support assignments: Overview of borrowed employees and the hours worked
[6] Total annual surcharges: A comparison of the actual surcharges earned and the flat-rate surcharges paid out.
Local settings(1/2) |
Admin |
Controller |
HR manager |
Manager |
Assistant |
General |
|
|
|
|
|
Read store information |
|
|
|
|
|
Manage store information |
|
|
|
|
|
Read positions |
|
|
|
|
|
Manage positions |
|
|
|
|
|
Read opening hours |
|
|
|
|
|
Manage opening hours |
|
|
|
|
|
Demand planning |
|
|
|
|
|
Read dynamic staffing requirements |
|
|
|
|
|
Manage dynamic staffing requirements |
|
|
|
|
|
Read minimum staffing requirements |
|
|
|
|
|
Manage minimum staffing requirements |
|
|
|
|
|
Read additional staffing requirements |
|
|
|
|
|
Manage additional staffing requirements |
|
|
|
|
|
Read other planning settings[7] |
|
|
|
|
|
Manage other planning settings[8] |
|
|
|
|
|
Automatic planning |
|
|
|
|
|
Read shift proposals |
|
|
|
|
|
Manage shift proposals |
|
|
|
|
|
[7][8] Other planning settings: overwrite sales forecast, temporary staff can be scheduled above maximum hours
Local settings(2/2) |
Admin |
Controller |
HR manager |
Manager |
Assistant |
Time recording |
|
|
|
|
|
Read configuration |
|
|
|
|
|
Read registered devices |
|
|
|
|
|
Manage registered devices |
|
|
|
|
|
Notifications |
|
|
|
|
|
Read notifications |
|
|
|
|
|
Manage notificaitons |
|
|
|
|
|
Employee app |
|
|
|
|
|
Read features |
|
|
|
|
|
Manage features |
|
|
|
|
|
Read deadline for desired times |
|
|
|
|
|
Manage deadline for desired times |
|
|
|
|
|
Payroll export |
|
|
|
|
|
Read payroll simulation |
|
|
|
|
|
Manage payroll simulation |
|
|
|
|
|
Global settings |
Admin |
Controller |
HR manager |
Manager |
Assistant |
Manage contract templates, special payments, document categories |
|
|
|
|
|
Customize employee app background image |
|
|
|
|
|