Skip to main content

Access Permissions Admin Screen

This screen gives security administrators the ability to control which admin screens may be accessed by other administrators and to control their level of access. It also allows administrators to select which buttons and functions appear for users in the Chrome River, including Delegate, Emburse Card, Invoice Management and Purchase Order Management settings.

By default, Chrome River has granted all the administrators at your organization access to all screens and turned the Access Permissions admin screen off. Customers who wish to activate this feature should contact us via the Chrome River Help Desk. Your organization will need to designate a "Super Admin" who can control access for all other admins.

1. Click the MENU button in the upper left corner, then ADMIN SETTINGS.

2. Click SECURITY > ACCESS PERMISSIONS.

3. You will see a summary of recent enhancements to the Access Permissions screen on the right.

4. Access is controlled at three levels:

  • Permissions are individual actions that may be taken on each admin screen, such as View, Edit or Delete.
  • Policies are groups of permissions—for example, you could have a Read-Only policy that disables some or all actions and an Edit policy that allows users to access some or all actions.
  • Grants allow you to assign each policy to groups of users to determine which permissions they have—for example, all C-Level employees could be granted access to just the Read-Only policy. The same user may have multiple grants as long as he or she has multiple roles.

Create a Policy

Policies are groups of permissions that may be granted to users based on their roles.

1. To create a new policy, click the POLICIES tab, then click the plus sign.

2. Give the policy a name and, if desired, a description.

3. Scroll through the list of permissions and check the ones you wish to enable for that policy. Uncheck the ones you wish to disable.

Use the SELECT and DESELECT buttons to select all or deselect all permissions.

4. When you are finished, click SAVE. The new policy will appear in the Policies list.

5. Now you must attach a grant to the policy in order for it to take effect for the desired users. If you have not yet created any grants, jump to Create a Grant, below.

In the upper right corner of the policy screen, click EDIT.

6. Use the Grant drop-down box to select the desired grant. Then click SAVE.

Create a Grant

Grants allow you to assign policies to groups of users to determine which permissions they have. Each grant must be assigned to a unique role, but the same user may have multiple grants as long as he or she has multiple roles.

Create a New Grant

1. To create a new grant, click the GRANTS tab, then click the plus sign.

2. Give the grant a name and, if desired, a description.

3. Use the Relationship Attributes drop-down boxes to select the role to which you wish to assign this grant. Anyone who has been assigned this role in their Person record will be granted the permissions allowed by the policies associated with this grant.

4. Select the desired policy from the Policy drop-down box. You may grant the selected Role multiple policies, if needed.

5. Click SAVE.

Clone an Existing Grant

You may copy an existing grant and edit it to create a new grant by clicking the CLONE button in the upper left corner of the desired grant.

Once you select a different relationship attribute for the new grant, it may be saved as a separate grant.

Edit a Policy

1. Select the desired policy in the list and click EDIT.

2. Find the desired group of settings in the list and use the check boxes to select which specific buttons and functions should be available to users and/or admins in the user interface.

You may select or deselect all the options by checking the box next to the section heading.

3. When finished, click SAVE.

Emburse Cards Permissions

Chrome River offers the ability to issue physical and virtual spend cards to users who do not have corporate credit cards. Emburse Cards make it easy for users to spend a pre-approved amount on travel expenses anywhere credit cards are accepted without needing to pay out of pocket. They also make it easy for your organization to control and reconcile user spending.

1. To enable Emburse Card access for users and determine which options appear in the user interface, check the boxes under Emburse Card in the Pre-Approval section of the desired policy.

 

2. Now attach a grant that determines which users will be able to see and use the Emburse Card option.

Help Desk Permissions

This feature allows users to access the Chrome River Help Desk from inside the Chrome River app without having to enter their login credentials. Users must have an active Chrome River Help Desk account under the same email address used to log in to Chrome River, and they must enable pop-ups in their web browser the first time they use this feature. If an administrator requires a Help Desk account, please open a case using the Chrome River Help Desk portal.

This feature is already enabled for customers who use Chrome River's default access permissions. If your organization has custom access permissions, an administrator with Super Admin permissions must follow the steps below to enable Help Desk access within Chrome River.

  • If you see a RESET button in the preview pane for your access permissions policy, your organization has custom access permissions.
  • If there is no RESET button, your organization uses default access permissions.

1. Enable user access via a policy by checking "Authorized Help Desk Ticket Manager" under Help Desk.

2. Now, attach a grant that allows only users with an active Chrome River Help Desk accounts to see the Help Desk link inside Chrome River.

  • Be sure to apply the grant only to individuals with an active Help Desk account.

If the grant is made to users who do not have an active Help Desk Account, they will see the following error message when they click the HELP DESK link.

Note that customers may hold a limited number of Help Desk account licenses.

Enable Enhanced Adjustment Capabilities for Expense Approvers

Your organization may choose to offer extended adjustment capabilities for expense approvers, allowing them to adjust the Expense Type, Date, Description, and any User-Defined Field (UDA) on an expense. An administrator may activate this feature at the user level for all approvers, just a specific group of approvers, or multiple groups of approvers.

1. On the Access Permissions admin screen, select the appropriate policy and click EDIT.

2. Under Expense Approvals, check “Allow adjust on Description, Date & User Defined Attributes during approval” and/or “Allow adjust Expense Type during approval," then click SAVE.

Enable Unauthorized Users to View Image Links in Approval Emails

Chrome River requires users to log in when they click the “View,” “View Receipts” and "View Images" links from Expense and Invoice Approval Email Notifications, and only the user to whom the expense is assigned may view those images. However, your organization may choose to allow any user who receives the email notification and is logged in to Chrome River to view images via those links.

  • For example, if your organization uses the Watcher feature, approval emails can be sent to additional users who are not the expense approver. Those users may also access images via links in those emails, as long as they are logged in to Chrome River.

1. On the Access Permissions admin screen, select the User Default Access policy and click EDIT.

2. Under User Access, check “Allow Viewing Receipts On Approval Emails Without Authorization,” then click SAVE.

Hide or Show eWallet Ribbon on Dashboard

The eWallet ribbon on the Chrome River Dashboard displays users' count of unused expense items, allowing expense owners and delegates to view the number of their credit card items and receipts at a glance whenever there is at least one unused item. Administrators may activate and deactivate this feature for their organization via the Access Permissions admin screen.

1. Click the POLICIES tab, then select USER DEFAULT ACCESS and click EDIT.

2. In the Permissions section, under General, find the Dashboard section.

3. Check or uncheck SHOW eWALLET PANEL.

Expense Management Dashboard Permissions

Admins may control user access to the Expense Management Dashboard via the Access Permissions admin screen.

  • Note: If your organization would like to determine which expense reports may be viewed by Expense Management Dashboard users based on the roles and entities assigned via the People admin screen, please open a case in the Chrome River Help Desk.

1. Click the POLICIES tab, select the appropriate policy,and click EDIT.

2. In the Permissions section, under General, find the Expense Management section.

3. Check or uncheck Show Expense Management Dashboard.

Recall Exported Reports

Checking Allow recalling exported reports will allow anyone in the selected policy to recall exported expense reports via a button on the Expense Management Dashboard or inside the report.

  • Note: It is not recommended to grant Recall permission unless your organization uses SAP connectors and has delta export logic incorporated into its ERP.

Was this article helpful?