By default, only users with Access KPIs and Manage KPIs permission set have access to and are able to modify KPIs. These can be system roles or custom ones, created by you. The following system roles have those permissions: user, admin and data.
KPIs also have an Owner that by default is the KPI Creator. It can be changed when creating or editing the KPI. Owner can be a user and/ or a team. There can be more than one owners.
Ownership permission is always prevailing and gives full control over the KPI, regardless of the specific permissions on the KPI, but doesn't allow more actions than the defined permissions in the role of the user.
In other words, if a user does not have the "Delete KPI" permission in his/her role set, he/she won't be able to delete a KPI even if he/she owns it or the permission on the KPI level allows it.
For each KPI you can define permissions to control its visibility and management. Here's how to use it:
Navigate to the KPIs
Select a KPI or Create one
Go to Permissions drop-down and select Custom
Assign who (employees, teams, roles, account) can have what permissions
Keep in mind that Access KPIs global permission is required for a user to be able to Read a KPI, while Manage KPIs is required for a user to be able to take advantage of the granular Update, Delete and Modify permissions
Save KPI
Pro-tip:
KPI permissions can be granted on 4 different levels - employees, teams, roles, account.
