Permissions & Access Control
WorkForce uses Role-Based Access Control (RBAC) to manage what users can see and do.
Role Hierarchy
Admin (full access)
└── HR (organization-wide)
└── Manager (team-level)
└── Employee (self-service)
Permission Matrix
Attendance
| Action | Employee | Manager | HR | Admin |
|---|---|---|---|---|
| Check in/out (self) | ✅ | ✅ | ✅ | ✅ |
| View own attendance | ✅ | ✅ | ✅ | ✅ |
| View team attendance | ❌ | ✅ | ✅ | ✅ |
| View all attendance | ❌ | ❌ | ✅ | ✅ |
| Manual correction | ❌ | ❌ | ✅ | ✅ |
Requests
| Action | Employee | Manager | HR | Admin |
|---|---|---|---|---|
| Submit requests | ✅ | ✅ | ✅ | ✅ |
| View own requests | ✅ | ✅ | ✅ | ✅ |
| Approve team requests | ❌ | ✅ | ✅ | ✅ |
| Approve all requests | ❌ | ❌ | ✅ | ✅ |
| Cancel own requests | ✅ | ✅ | ✅ | ✅ |
Administration
| Action | Employee | Manager | HR | Admin |
|---|---|---|---|---|
| View employees | ❌ | Team | ✅ | ✅ |
| Add/edit employees | ❌ | ❌ | ✅ | ✅ |
| Manage departments | ❌ | ❌ | ✅ | ✅ |
| Manage shifts | ❌ | ❌ | ✅ | ✅ |
| Configure workflows | ❌ | ❌ | ❌ | ✅ |
| System settings | ❌ | ❌ | ❌ | ✅ |
| Manage subscriptions | ❌ | ❌ | ❌ | ✅ |
Reports
| Action | Employee | Manager | HR | Admin |
|---|---|---|---|---|
| View own reports | ✅ | ✅ | ✅ | ✅ |
| View team reports | ❌ | ✅ | ✅ | ✅ |
| View all reports | ❌ | ❌ | ✅ | ✅ |
| Export reports | ❌ | ✅ | ✅ | ✅ |
Multi-Tenant Data Isolation
WorkForce is a multi-tenant SaaS platform. Each organization's data is completely isolated:
- Every database query is scoped by tenantId
- Users can only access data within their own organization
- Admin and HR of one tenant cannot see data from another tenant
- API endpoints enforce tenant boundaries at the middleware level
Best Practices
- Principle of least privilege — Assign the minimum role needed
- Limit admin accounts — Only a few trusted users should have Admin role
- Regular audits — Review role assignments quarterly
- Manager assignments — Ensure every employee has a department with a manager for proper approval routing