Roles define what actions users can perform. Scope defines where those actions apply. Roles can be assigned globally or with scoped visibility rules.
When assigning a role to a group, you can grant:
Global access – applies everywhere
Scoped access – applies only to specific People or Objectives
To manage role assignments in WorkBoard, go to:
Admin Tools → Org Management → Groups
What you need
Groups & Roles Admin access in WorkBoard
An existing group
If assigning scoped access: relevant custom attributes (e.g. Region, Department, COC Classification) must be configured in your org before defining scope rules
Available Roles
Role | Purpose | Key Access | Scope |
HRBP | HR Business Partners supporting org performance | View Personal OKRs, Team OKRs, Check-ins, 1-on-1s | Global or Scoped |
Compliance Visibility | Enforces data separation | View Team OKRs | Global or Scoped |
Business Process & Ops Admin | Admins managing scoped org structures | Can update and delete Team OKRs | Global or Scoped |
Groups & Roles Admin is a system role and cannot be self-assigned. Contact the WorkBoard Support team to have this role granted to the relevant user in your organization.
Step 1: Open the Roles Tab
Go to Admin Tools → Org Management → Groups
Select a group
Open the Roles tab
Click Add Role
You'll see a list of available roles.
Step 2: Assign Global Access
To grant full (global) access:
Select a role
Click Save
The role will be labelled Global in the Roles tab.
Global access applies everywhere, within the limits of the user's license.
Step 3: Assign Scoped Access
To limit visibility:
Select a role
Click Define Scope
Define scope rules
Scopes can target:
Objectives (based on custom fields)
People (based on user attributes or reporting structure)
You can add up to 10 rules in a scope. All rules within a scope are evaluated using AND logic.
After defining rules:
Click Save
The role will appear as Scoped with a badge describing the filter
Click Save on the Group modal to save changes
Example 1: Limiting Access by COC Classification (Objectives)
Prerequisite: Existing Objective custom field called COC Classification to manage compliance-based visibility.
To restrict access to specific classified Objectives, you need to:
Assign the appropriate role to the group
Choose Assign Scope
Select Objectives as the target
Add the rule:
Field: COC Classification
Operator: in
Value(s): "IT", "Dev", "Services"
Click Save on the Scope and Role modals
Click Save on the Groups form
Result:
Members of this group can only see Objectives where COC Classification matches one of the selected values.
If an Objective does not match the classification rule, it will not be visible.
All child entities (such as Key Results) under matching Objectives are also accessible.
Example 2: Limiting HRBP Access by Region (People)
Prerequisite: A user custom attribute called Region must exist in your org.
To restrict an HRBP only to see data for employees in a specific region:
Assign the HRBP role to the group (e.g., "HRBP Europe")
Choose Assign Scope
Select People as the target
Add the rule:
Field: Region
Operator: is
Value: Europe
Click Save on the Scope and Role modals
Click Save on the Groups form
Result:
The HRBP can view and export check-ins, personal OKRs, team OKRs, and 1-on-1s only for users whose Region is "Europe".
If a scoped user is a team manager, their team OKRs are included as well.
Alternative — scope by reporting structure: Instead of an attribute rule, you can target by leader subtree (everyone reporting to a specific person). This requires no custom attribute setup and updates automatically as the org hierarchy changes.
Edit or Remove a Scoped Role
In the Roles tab:
Use the 3-dot menu (⋮) next to the role
Choose:
Modify Scope
Delete
To modify the scope:
Select Modify Scope
Edit rules
Click Save
Click Save on the groups modal
To remove the scope:
Select Modify Scope
Click Remove Scope
Click Save
Click Save on the groups modal
The role reverts to Global access.
To remove the role:
Select Delete
Click Save
All associated permissions are removed immediately.
Invalid scope warning: If a custom attribute used in a scope rule is deleted, the scope becomes invalid and is displayed in red in the UI. Permissions stop applying until you either update the rule to use a valid attribute or delete the scope entirely.