Access roles specify permission to view or update routed transactions, such as self-service actions. You manage access roles for self-service actions in the Maintain Roles window.
SSHR provides two predefined types that you can use to create access roles that govern update permissions in self-service actions:
SSHR Update Allowed
SSHR Update Not Allowed
By default, all users can update an action. If you define a role using the SSHR Update Allowed type and assign it to a user, everyone else can no longer update. If you define and assign a role using the SSHR Update Not Allowed type, everyone else can update.
You do not use both types in the same implementation. Your decision to use one type or the other depends on whether the majority of users require update privileges. If they do, use the Update Not Allowed type to remove edit privileges from the remaining users. If the majority do not require permission to update, use the Update Allowed type to grant edit permission to those who do. If your organization has 40,000 people, of whom only 80 require update privileges for self-service actions, it makes more sense to grant privileges to 80 people than to deny them to 39,920.
Note: Position control and budgeting features also use role types to set up roles for routing and approvals. Do not use the predefined role types of Line Manager, HR Manager, or Budget Manager with self-service actions.