Set up roles, permissions, and manager scope
Decide who is an admin, who is HR, who manages teams, and what each role is allowed to view or change.
The goal
Permissions should match responsibility. Admins should not need to do everything forever, and managers should only see the parts of the organisation they actually run.
Typical role model
- Admin: full account setup, structure, policy, and system-level control.
- HR: people records, onboarding, compliance, and payroll-related data.
- Manager: rota ownership, attendance review, timesheet approval, team oversight.
- Employee: self-service access to their own schedule, leave, and payslips.
Set scope as well as role
Being a manager should not mean seeing the whole company unless that is genuinely required. Use departments, teams, and memberships to define real ownership.
Recommended sequence
- Assign the minimum number of admins needed for resilience.
- Give HR access to people, onboarding, payroll, and compliance workflows.
- Assign managers to departments or teams they truly own.
- Test the view from a manager account before going live.
Screenshot placeholder: add a screenshot showing role assignment, memberships, or scoped access controls. Recommended image size: 1600 x 1000.
What to avoid
- Making all operational users admins.
- Letting managers review teams they do not actually supervise.
- Using role names without defining the real behaviour behind them.
Once permissions are clear, you can safely add employees and begin onboarding without exposing the wrong data to the wrong users.