Roles & Permissions
What is a Role?
A Role is a set of permissions granted to an employee within the system.
✔ Role = Determines what the employee can do within the system.
For example:
- HR Manager: Comprehensive management
- Attendance Supervisor: Attendance management
- Department Manager: Department management
- Regular Employee: Limited permissions
- Financial Employee: Financial permissions
- Payroll Officer: Payroll management
Each role has completely different permissions.
Assigning roles correctly ensures data protection and permission organization within the system.
Relationship Between Departments and Roles
Relationship:
- Employee ← belongs to department: Determines location
- Employee ← gets role that grants permissions: Determines permissions
Example:
- Employee in Technical Support department
- But has "Technical Support Supervisor" role
- So will have more permissions than regular employee in same department
Combining department and role determines employee's work location and permissions accurately.
Why Should Roles Be Added After Departments?
Because:
- Department determines "where employee works": Location
- Role determines "what they can do": Permissions
Without role:
- Employee might see everything or nothing: No control
- No permission control: Chaos
- No clear management levels: Disorganization
- Security and internal policies are lost: Security problems
Therefore, logical steps in HRMS:
- Create departments: Basic structure
- Create roles: Permissions
- Add employees and link them to department and role: Final linking
Following correct order (departments → roles → employees) ensures good system organization.
Permissions (Roles) Page Explanation
When opening "Permissions" page you will find:
1. "Add New Role" Button
To create a new role.
2. List of All Existing Roles
Shows:
- Role name: Main title
- Number of users linked to role: Statistics
- Operations: View – Edit – Delete
Using the list helps review and manage all roles easily.
Adding New Role
When opening add role form you will find:
① Role Name
For example:
- System Administrator
- Attendance Supervisor
- Payroll Officer
- Regular Employee
- Technical Support Department Manager
This name appears to users and management.
② Select Department for Role
Why link role to department?
Because:
- Each department has different task nature: Different tasks
- Technical Support manager differs from Accounting manager: Different permissions
- Sales supervisor needs different permissions than Warehouse supervisor: Different needs
Linking role to department helps organize structure.
③ Select Permissions
Most important part of the page.
Includes:
- View – Add – Edit – Delete: Basic operations
- Access to user data: Employee data
- Financial permissions: (Salaries – Advances)
- Administrative permissions: (Leaves – Tasks – Training)
- System permissions: (Settings – Reports – Smart Insights)
Example:
Payroll Officer:
- Views salaries
- Edits salaries
- Approves advances
- Cannot delete employee
- Cannot access training or meetings
Department Manager:
- Views only their department employees
- Approves their leaves
- Views their department attendance
- Cannot see other departments
④ Save Role
After saving:
- Role appears in list: Immediate addition
- Employees can use it after assignment: Ready for use
Make sure to select appropriate permissions before saving role to avoid security problems.
Edit Existing Role
Can:
- Add or remove permissions: Update permissions
- Change role name: Update name
- Move to another department: Change department
- Link additional employees: Add employees
System applies update immediately to all employees linked to role.
Delete Role
Cannot delete role if linked to employees.
Must first:
- Transfer employees to another role: Transfer permissions
- Then delete role: Safe deletion
This protects system from sudden permission loss.
Make sure to transfer all employees before deleting role to avoid permission loss.
How Does Role Link to Users (Employees)?
When adding employee:
- Select their department: Determine department
- Then select their role: Determine role
This allows system to:
- Display appropriate page for them: Customized interface
- Protect other pages from appearing: Security
- Determine who can approve requests: Control
- Determine who can view reports: Specific reports
- Determine who can edit salaries: Financial permissions
Example:
Employee "Omar" in Technical Support department with "Technical Support Employee" role
Will see:
- Tasks
- Notifications
- Their attendance
- Messages
Will not see:
- Salaries
- System management
- Company settings
- Other employees' data
This example shows how role determines what employee can see and access.
Real Scenarios Showing Importance of Permissions
🎯 Scenario 1: Regular Employee Views Salary Data
If roles are not set:
- Regular employee might see everyone's salaries: Security issue
- Major security error: Privacy violation
Permissions prevent this.
🎯 Scenario 2: Department Manager Wants to Approve Leaves
Needs:
- "Approve Leaves" permission: Approval
- "View department employee requests" permission: View requests
If role is set → works correctly
If role is incomplete → cannot approve anything
🎯 Scenario 3: Financial Employee Needs to Handle Advances
Needs:
- "Manage Advances" permission: Advance management
- "View salaries and dues" permission: View financial
These scenarios show importance of assigning permissions correctly.
Best Model for Designing Roles in HRMS
You can create the following roles:
1. System Administrator (Super Admin)
All permissions: Full access
2. HR Manager
- Manage employees
- Manage attendance
- Salaries and leaves
3. Department Manager
- Views their department employees
- Approves their requests
4. Payroll Officer
- Manage salaries
- Manage advances
- Salary reports
5. Regular Employee
- View their data
- Request leave
- Request advance
- Their tasks
This model provides clear structure for roles within system.
Common Permission Mistakes
❌ Giving Too Many Permissions to Inappropriate Person
May cause:
- Data deletion: Information loss
- Unintended modification: Errors
❌ Deleting Role Linked to Employees
Causes system problems.
❌ Not Linking Role to Correct Department
Leads to illogical permission overlap.
❌ Forgetting to Enable Approval Permissions
Leads to employee request delays.
Avoiding these mistakes ensures system works correctly and securely.
Why Permission System is Essential Part of Job Security?
Permissions are not just settings… they are essential element in:
1. Data Protection
Salary data — Documents — Contracts — Performance — all sensitive data.
Without permissions:
- Any employee might see data not theirs: Privacy violation
- Or modify something important: Unauthorized modification
- Or delete critical files: Data loss
System prevents unauthorized access.
2. Permissions Build "Authority Levels" Within Company
Company has different management levels, and permissions reflect these levels:
- 1) Senior Management: See all strategic data
- 2) Department Managers: See only their department employees
- 3) Supervisors: See tasks — evaluation — attendance — and follow their team
- 4) Employees: See only their data
Without this division… system becomes chaos.
3. Permissions Prevent Permission and Role Conflicts (Conflict of Access)
Example:
- Payroll employee should not be able to delete employee: Task separation
- Training employee should not be able to modify salaries: Permission separation
- Technical support employee should not see performance evaluation: Data protection
Roles solve this problem automatically.
4. Can Create Special Permissions for Same Department by Function
Example "Technical Support" department:
- Support employee: Sees tasks only
- Support supervisor: Approves tasks
- Support manager: Sees team performance and reports
This is very important in large companies, because one department has different levels.
5. Permissions Legally Protect Company
Why?
Because:
- Every action employee performs is recorded in system: Complete record
- Permissions ensure each employee has legal "right" to perform this action: Legal protection
- Prevent manipulation in advances, leaves, or salaries: Prevent manipulation
This provides company protection in case of any dispute.
6. Permissions Support Separation of Duties Policy
It is a global policy in HR systems.
Example:
- Employee approves requests: Approval
- Another employee processes them: Processing
- Third employee reviews their reports: Review
And no one has all three permissions.
System supports this model… prevents corruption or misuse.
7. Permissions Link Each Screen in System to Appropriate Function
Each screen in system has independent permission:
- Attendance: Attendance permissions
- Advances: Advance permissions
- Salaries: Salary permissions
- Evaluation: Evaluation permissions
- Documents: Document permissions
- Senior Management: Management permissions
- Training: Training permissions
- Reports: Report permissions
- Smart Insights: Insights permissions
This ensures system is very flexible.
For example:
- Allow employee to see attendance: View only
- Without allowing them to modify attendance: No modification
This gives very precise control.
8. Permissions Improve Work Quality Within Each Department
Because:
- Each employee sees only necessary pages: Focus
- This reduces distraction: Efficiency
- Increases work execution speed: Productivity
- Makes system easy for each employee: Ease of use
9. Permissions Help Distribute Responsibilities
Management has 25 employees…
If all have same permissions → chaos.
But:
By distributing permissions:
- Someone responsible for leaves: Responsibility distribution
- Someone for advances: Task separation
- Someone for salaries: Specialization
- Someone for training: Distribution
- Someone views reports: Analysis
- Someone sees departments only: Limitation
System manages all responsibility differences easily.
10. Permissions Make Employee Training Faster
If each employee sees only pages relevant to them:
- Training becomes easier: Focus
- No confusion occurs: Clarity
- Time decreases by 70%: Time savings
Instead of explaining entire system… explain only each employee's part.
11. Permissions Prevent Critical Human Errors
Example:
- Delete employee: Data loss
- Approve leave by mistake: Errors
- Modify salary unintentionally: Financial problems
- Send announcement to all employees instead of one department: Mistakes
- Delete important documents: Data loss
One wrong permission → can cause major problem.
Therefore Amwaj HR system prevents these errors using very precise permissions.
12. Special Permissions for Reports and Smart Insights
Not every employee should see:
- Turnover rate: Sensitive data
- Department performance: Administrative information
- Salary status: Financial data
- Productivity: Performance indicators
- Absence indicators: Analytics
This data is "administrative" and related to senior decisions.
Permissions prevent regular employees from accessing it.
13. Permissions Support Company Expansion
When company grows:
- Can add departments: Expansion
- And add new roles: Flexibility
- And modify permissions without affecting data: Easy updates
System is designed to be scalable without making code changes.
14. Permissions Help in Audit Log
When each employee has specific permissions:
- System knows who performed each action: Tracking
- Shows accurate reports: Accuracy
- Determines responsible for any modification: Responsibility
This is very important in accounting and legal audits.
15. Very Common Mistakes to Avoid
❌ Giving "Salary Permissions" to Non-Specialized Employee
Might see management salaries.
❌ Giving Delete Permission to Any Employee
Deletion must be very limited.
❌ Placing All Employees on One Role
Breaks security concept and creates chaos.
❌ Deleting Role Linked to Employees
Causes problems in their system access.
❌ Not Updating Permissions After Adding New Module
For example, if you added training → must add training permissions.
Avoiding these mistakes ensures system security and data protection.
Integration with Other Systems
The permissions system integrates with:
1. Departments System
Linking permissions to departments.
2. Employees System
Assigning roles to employees.
3. Reports System
Controlling report access.
4. Smart Insights System
Controlling insights access.
5. Notifications System
Controlling notifications.
Integration with other systems ensures comprehensive system security.
Best Practices
1. Principle of Least Privilege
Give employee only permissions they need.
2. Periodic Review
Review permissions regularly and update them.
3. Task Separation
Separate tasks between employees.
4. Document Permissions
Document all permissions and roles.
5. Test Permissions
Test permissions before implementation.
Applying best practices ensures high security and work efficiency.
Comprehensive Summary
Linking Departments + Permissions + Users
- Departments determine employee "location" within organizational structure: Location
- Roles determine "what they can do" within system: Permissions
- Each employee is assigned to specific department and given appropriate role: Linking
- Ensure data accuracy, system protection, and professional permission management: Security
System works to merge departments and roles to coordinate work, and ensure each responsible person accesses only what they need, which raises security level and improves work flow.
Permission system is the heart of security in Human Resources system. Through it, control is exercised over everything employee sees and everything they can execute. Roles are used to link employees to specific permission level that suits their job and responsibilities within department. Without accurate permission management, company loses control over data, errors increase, and work quality weakens. Therefore, Amwaj HR system provides professional precise permissions that prevent task overlap, and provide highest levels of security and flexibility.