Skip to main content

User roles and access levels

Learn how to manage permissions with roles and access levels.

Updated over a month ago

Use roles and access levels to control what your team can see and do. Roles define overall permissions, while access levels let you get more specific.

We’ll show you how to use them together to set up the right access for everyone.

User roles

User roles are predefined permissions that determine a user’s default access. To set them up, go to Configuration → User Roles.

There are four standard roles available:

Account owner

The account owner has unrestricted access to all areas of the platform. Only one account owner can be assigned to each account. Ownership can be transferred to another employee through the Manage account tab in Settings.

📌 Note: The role of account owner can only be transferred by the current owner. If the current owner is no longer available (for example, if they have left the company), please contact our Support team.

Administrator

Administrators have unrestricted access to all areas of the platform, and the number of administrators is not limited. To assign this role, open the Administrator access level and go to the Assigned section.

Manager

A manager has additional rights over their team members. The role is hierarchical: if Manager A manages Manager B, then Manager A can also manage the users assigned to Manager B.

To assign a manager role, go to the Company structure section in the employee’s Profile data and select the manager in the Manager field.

Employee

This default role applies to any new user. Employees access only their own data and the information shared with them. They can receive most additional permissions through Access levels.

Access levels

Depending on your company structure, you may need to assign different access levels to different user groups or individual users.

With access levels, you can customize employee information and give any of the three types of users specific rights to view or edit employee profiles.

📌 Note: One access level cannot remove permissions that another access level or a user’s role has granted.

For example, if a custom access level gives an employee “View” access, but the “All Employees” access level for that same information allows “View and Edit,” the “View and Edit” permission takes priority over the custom access level.

User groups

Employees are divided into two main groups, with a third group that combines everyone:

  • Employees themselves: Access to their own data

  • Managers: Access for managers and those higher in the reporting line

  • All employees: Access for everyone in the company

Access level types

There are three types of access levels:

  • View: The user can only see the information.

  • View and edit: The user can see and modify the information.

  • No access: The user cannot see or modify the information.

📌 Note: By default, Administrators have the right to view and edit any information. Employees can only view and edit their personal information.

Custom access levels

You can manage the access levels of specific employees and teams more precisely by adding custom access.

To add a custom access level:

  1. Click Add custom access level.

  2. In the right-hand sidebar, select either Employee or Teams and choose the relevant person or team.

  3. Under Access level, select the relevant level for the user or team.

  4. Optionally, you can restrict access to specific groups or departments.

Click Add custom access level to save your selection. The page will then display a summary of the new access level.

Access levels categories

Access levels are organized by different data categories.

Employee profile data

There are eight defined categories of employee profile data. You can access them by going to People > Employee > Employee profile data.

  • Professional: Essential information about the employee’s role within the company.

  • Employment details: The employee’s details related to the company.

  • Company structure: The employee’s place in the company.

  • Personal: Personal details and contact information.

  • Address: The employee’s personal address.

  • Payroll information: Details for payroll, including tax, social security, insurance, and bank info.

  • Emergency contact: Who to contact in case of an emergency at work.

  • Social network: Personal contact information on social networking apps.

Payroll

There are 2 categories for payroll management:

  • Salary and paysheets: Access to the Salary and Sheets subsections in each employee’s profile.

  • Payroll management: Access to the Payroll module, including the ability to manage pay runs and view employee salary records.

Reports

This access level defines permissions for the Reports module.

  • With View and edit access, users can create new reports and dashboards.

  • With View access, users can browse existing reports but cannot create or change them.

Employee custom modules

Each employee custom module has its own access level. When you create a new one, a new access level section is automatically created and needs to be configured.

There are four default employee custom modules:

  • Assets

  • Access cards

  • Trainings

  • HR notes

This also applies to other areas, like employee documents, company custom modules, and company documents.

📌 Note: Always review and adjust access levels after creating a new module or folder to ensure the right employees have the right permissions.

Journeys

There are four categories:

  • Pre-onboarding

  • Onboarding

  • Offboarding

  • Journeys management

The Journeys management category controls who can manage journey categories and their permissions.

  • Users with view and edit access can create, archive, or delete journey categories and manage access to each category.

  • There is no view-only access for journey management.

When you create a new journey category, the system automatically creates a new access level. You need to set this up to decide who can use it.

Whistleblowing

The Whistleblowing category is unavailable by default. Once you create a Whistleblowing channel, the new category will be created in your Access levels settings.

Birthdays and work milestones

Some events, like birthdays and work anniversaries, are hidden by default and not visible to any user. To make these events visible, an administrator must update the settings for specific access levels.

The following events require changes in the listed access levels:

  • Birthdays → Profile data → Personal

  • Work anniversary → Profile data → Employment details

  • Employment start → Profile data → Employment details

  • Probation end → Profile data → Employment details

  • Employment end → Profile data → Employment details

⚠️ Important: Granting this access level will unlock the entire section of the employee profile, not just the selected field.

For example, if you give a user View access to the Personal section, they will be able to see the complete section in every employee profile.

Did this answer your question?