Skip to content

Roles & Permissions

Access is controlled by roles. A role is a named bundle of permissions; you assign roles to users.

Assign a role to a user

  1. Open Administration → Access Control (or Users).
  2. Find the user and open Assign Roles.
  3. Tick the roles to grant, then Save.

Roles are scoped to a tenant

You can only assign roles that belong to your own workspace. Platform-only roles (super-user / platform admin) are never assignable to tenant users.

How permissions are organised

  • Every screen/action declares a permission like RECRUITMENT:CANDIDATE:READ or HR:EMPLOYEE:UPDATEmodule : resource : action.
  • Permissions are discovered automatically from the app, so new features show up in the permission picker without manual wiring.
  • A handful of platform roles bypass per-permission checks (super-user, platform admin); everyone else is checked at every action.

Baseline roles

New tenants are seeded with baseline roles (e.g. Candidate, Agent, Employee) so invited users land with the right access immediately. Build custom roles on top for finer control.

Least privilege

Grant the narrowest role that lets someone do their job. Use Impersonate (platform admins) to verify what a role can actually see.