Overview of Administrator Permissions

This role has access to all Payroll, Benefits, HR, Integrations, Time, and Contractors permissions.

The Full Company Admin has access to all core permissions, some of these being optional.

  • Edit Company Profile: if the user does not have this permission, the Company Profile app will not appear on the dashboard.
  • Add / Remove Admins: if the user does not have this permission, they will not be able to add or remove admins in the Company Profile > Administrators section. 

The following permission list will vary, depending on what your company uses Zenefits for.

  • View basic staff info
  • View sensitive worker info (e.g., SSN, pay)
  • Hire and terminate individuals, and edit info
  • Can complete I-9 Form
  • Run payroll
  • Hire and terminate contractors*
  • Manage contractor payments*
  • Add apps to your account
  • Manage integrated apps
  • Create custom integrations
  • Create time off policies
  • Approve PTO requests
  • Create leave of absence policies (optional)
  • Add, edit, and approve leave of absence requests (optional)
  • View, upload, and delete sensitive leave related documents (e.g. PHI) (optional)
  • Edit and approve Time & Attendance Hours
  • Submit worked hours to payroll
  • Create/edit schedules in Scheduling
  • View company health plan info
  • Edit employee and company benefits data and manage benefits renewals (optional)
  • Complete tasks and receive notifications related to employee benefits (optional)
  • Serve as the point of contact for employees' benefits questions (optional)
  • Verify employees' qualifying life events (optional)
  • Edit employees' ACA, COBRA, deductions, and Flex Ben info
*These permissions only apply to people in the Contractors App.

This admin can run payroll. The admin must have the following permissions to be a Payroll Admin:

  • Can view basic info
  • Can view sensitive info (SSN, pay, bank accounts) 
  • Can hire and terminate workers, and edit worker info
  • Can run payroll

This admin manages your company's health benefits and employees' enrollment info.

Ben Admin Administrator Roles & Permissions

Customers are able to assign the Benefits Admin role to employees or to external administrators in order to manage their benefits.  The following are permissions you are able to assign to Benefits Admins.
  1. (default) View basic staff info
  2. (default) View company health plan info
  3. (default) Edit employees'  ACA, COBRA, deductions, and Flex Ben info
  4. (optional) View sensitive worker info (SSN, pay)
  5. (optional) Edit employee and company benefits data and manage benefits renewals
  6. (optional) Complete tasks and receive notifications related to employee benefits
  7. (optional) Serve as point of contact for employees' benefits questions
  8. (optional) Verify employees' qualifying life events

Ben Connect Administrator Roles & Permissions

Customers using a Certified Broker Partner (CBP)  have their account automatically associated with their brokerage.  Certified Broker Partners are able to assign four unique roles for their users:
  • Admin user - These users are able to perform all actions within the Benefits Administration app for a customer.
  • Renewals user - These users immediately receive all default permissions, along with permission #4, listed below.
  • Fulfillment user - These users immediately receive all default permissions, along with permission #5, listed below.
  • Limited user - These users have read-only access to Customer accounts.  
In addition, CBP users are able to
  1. (default) View basic staff info
  2. (default) View company health plan info
  3. (optional) View sensitive worker info (e.g. SSN, pay)
  4. (default - Renewals user) Edit employee and company benefits data and manage benefits renewals
  5. (default - Fulfillment user) Complete tasks and receive notifications related to employee benefits
  6. (optional) Serve as point of contact for employees'  benefits questions

This admin manages HR records and handles hiring and terminations. 

  • Can view basic employee info
  • Can complete I-9 Form
  • (optional) Can view sensitive employee info (SSN, pay, bank account info)
  • (optional) Can hire and terminate, and edit employee info - if the user does not have this permission, they cannot add employees from the dashboard or access the hiring app.
  • (optional) Can access compensation benchmarking data for all locations and departments
  • (optional) Create leave of absence policies
  • (optional) Add, edit, and approve leave of absence requests
  • (optional) View, upload, and delete sensitive leave related documents (e.g. PHI)
Permissions apply to:
  • All admins
  • Everyone in their department - everyone appears on the dashboard but "department only" admins can only access full profiles for others in their department
  • Everyone in their location - everyone appears on the dashboard but "location only" admins can only access full profiles for others in their location

Notes

  • At this time, the permission to view sensitive information is bundled. There is no way to customize which sensitive fields HR admins are able to view.
  • HR admins whose permissions are limited to their location or department won't be able to create time off policies or engagement surveys.

This admin adds apps and custom integrations, and manages integrated apps.

  • Can view basic info
  • Can add apps to your account
  • Can manage integrated apps
  • Can create custom integrations
What if the admin doesn't have the Integration admin permission? 
  • They cannot add apps from the dashboard
  • They cannot manage apps from any app overview page

The information below only applies to companies who use the Contractors app on their dashboard.

This admin hires and terminates contractors, and manages contractor payments.

  • Can view basic info
  • Can hire and terminate contractors
  • Can manage contractor payments

Different types of admins (Benefits Admin, Payroll Admin, HR Admin, etc.) will see different sets of apps on their dashboard. Full company admins will continue to see all apps. 

admin permission key

This role has access to the Time & Attendance & Time Off apps, regardless of if the user is utilizing the Time & Attendance feature to track hours. 

This admin can view and edit changes for Time related products, including permissions to be able to lock hours in Time & Attendance that will be sent to payroll. The Time admin will also have an option to restrict sensitive information, due to having visibility into salary information.

You can limit a Time Administrator’s visibility to a specific location or department, so that they don’t have access to the entire company’s information.

Below is a chart that details what exactly is considered "basic information" for an admin in Zenefits, as well as breaking down which Zenefits fields can be viewed based on user level.


Coworkers Manager Admin
(cannot view sensitive)
Admin
(can view sensitive)
Main Admin
Preferred Name X X X X X
Legal Name X X X
Legal Gender X X X
Personal Pronouns X X X X X
Date of Birth X X X X
SSN X X
Phone Number X (if selected) X X X X
Email X X X X X
Home Address X X X X
Emergency Contacts X X X X
Job Title X X X X X
Department X X X X X
Work Location X X X X X
Employment Type X X X X
Manager X X X X X
EEO X X X
Tax Info X X X
Salary Permission dependent X X
Bank Account X X
Payment Method X X X
I-9 Form X X X
Benefits Info X
Payroll Info X

Still need our help? Our support team is waiting to help you. Contact us