Within your organization, employees have different tasks and authorities. We want to translate these tasks and authorities into the correct setup in Spend Cloud. These tasks and authorities are referred to as "function profiles" in Spend Cloud. In the image below, you can see that a function profile is composed of a Permission Set, granting access to buttons within Spend Cloud, combined with additional role permissions.
An example of how function profiles might be distributed within your organization is as follows:
- Executive
- Manager
- Team Leader
- Employee
This distribution can become more specific. For instance, if you have various types of managers within the organization, you can create more specific profiles. This relates to additional permissions from different modules within Spend Cloud.
Function Profiles, Additional Role Permissions, and Modules
Spend Cloud consists of various modules, and the additional role permissions associated with a function profile vary per module. For example, in the Invoice Processing and Expense Claims modules, you need to select a procurement amount. In the Cash & Card module, you need to specify if an employee is allowed to close a booking period. In the Procurement module, you need to define procurement amounts and access to supplier groups. Supplier groups help you determine which suppliers a function profile can place orders with. You can imagine that all these choices lead to a breakdown of profiles within your organization.
Exceptions to Function Profiles
It's possible that your organization initially starts with just one module, such as Expense and Card. In this case, function profiles can be set up more easily by dividing them into Card Administration, Card Employees, and Card Responsible.
Importance of Function Profiles
There are two reasons why it's important to think carefully about setting up and distributing function profiles:
- Employees gain standardized access to permissions within Spend Cloud based on a function profile.
- Maintenance in Spend Cloud becomes easier by grouping different roles within the organization into standardized profiles.
Ideal Function Profile Setup
In an ideal use of function profiles, you would want employees in Spend Cloud to have one function profile assigned as much as possible. This function profile would grant access to rights and permissions across multiple modules, making application management maintenance as user-friendly as possible. Further details on this setup can be found under the "Roles" section below.
Roles
A role consists of various components which are Rights, a function profile and an organizational unit.
Rights
We start a role with a rights set. A rights set defines which menu items and buttons within menu items a user is allowed to see and use. For example, for a "Signatory" permission set, it may be defined that the user has access to the "Assessment" menu item in Spend Cloud.
Function Profiles
Next, a function profile is a combination of the permission set and specific role permissions. An example of specific role permissions is the procurement amount assigned to an employee for reviewing invoices or the maximum amount they can order. The guideline for determining and subdividing function profiles often comes from the different roles that employees can have in your organization. You can create a function profile for the "Facility Manager" role, for example, with all associated rights and permissions.
Role
An employee is placed somewhere in the organizational structure within Spend Cloud with the previously mentioned function profile, such as at the location where this employee works. Together, these elements constitute the role of the employee.
Example:
Role |
Organizational unit | Employee | Rights | Permissions |
Facility service | Wim the facility manager | Assessor | Assess invoices up to €1000 |
In this example, Wim works in the Facility Service and is allowed to review invoices up to €1000. In the Spend Cloud, he is placed in the organizational unit "Facility Service." In the "Signatory" permission set, it's specified that he has access to the required menu items, and his role permissions state that he has a procurement amount of €1000.
Multiple Roles
An employee can have multiple roles. So, if an employee needs to approve invoices and place orders, they could have three roles in the same organizational unit:
Role |
Organizational unit | Employee | Rights | Permissions |
Facility service | Wim the facility manager | Assessor | Assess invoices up to €1000 |
Facility service | Wim the facility manager | Buyer | Buying and assessing orders up to €1000 |
Facility service | Wim the facility manager | Card Responsible | Assess booking periods |
Wim has one role here, which combines his permissions for Invoice Processing, Procurement, and Cash & Card. This also involves a combined rights set so that he sees all the necessary menu items. When we can consolidate all these permissions into one function profile, it simplifies the authorization scheme and makes it easier to maintain.