Documentation

Access Policies

Create permission groups, assign staff to access levels, configure granular permissions, and understand how policies control feature access.

Understanding Access Policies

Access Policies control what each user can see and do within Workforce Intelligence. Rather than assigning permissions individually, you create permission groups with specific access levels and then assign staff to those groups.

Access policies apply to admin/management users who access the Workforce Intelligence backend. Regular staff interact only through the self-service portal which has its own fixed permission set.

Creating Permission Groups

Navigate to Workforce > Settings > Access Policies.

  1. Click Create Permission Group
  2. Enter group name (e.g., "HR Manager", "Department Head", "Payroll Officer", "Receptionist")
  3. Enter description explaining the group's purpose
  4. Select permissions from the available list (see below)
  5. Click Save Group

Suggested Groups

  • Super Admin — Full access to all features and settings
  • HR Manager — Staff management, documents, performance, but no payroll approval
  • Payroll Officer — Run and approve payroll, view compensation data
  • Department Head — View own department staff, approve leave, manage schedules
  • Training Coordinator — Manage assessments, question bank, and training assignments
  • Front Desk — View directory, manage attendance, basic staff lookup

Assigning Staff to Groups

  1. Open a permission group
  2. Click Add Members
  3. Search and select staff members from the directory
  4. Click Assign

A staff member can belong to multiple permission groups. Their effective permissions are the union (combination) of all assigned groups — if any group grants a permission, the user has it.

Available Permissions

Staff Management

  • staff-register — Register new staff members
  • staff-edit — Edit existing staff profiles
  • staff-view — View staff directory and profiles
  • staff-status-change — Change staff status (suspend, terminate, reactivate)
  • staff-delete — Permanently delete staff records (use with extreme caution)

Documents

  • documents-generate — Generate official letters
  • documents-upload — Upload documents to staff profiles
  • documents-deliver — Deliver documents to staff portal
  • documents-view — View all staff documents

Scheduling & Attendance

  • shifts-manage — Create, edit, and delete shifts
  • shifts-assign — Assign staff to shifts
  • attendance-view — View attendance records and analytics
  • attendance-settings — Configure clock-in rules and geofencing
  • swap-approve — Approve or reject shift swap requests

Training

  • training-manage — Create and edit assessments
  • training-assign — Assign assessments to staff
  • training-results — View assessment results and analytics
  • question-bank — Manage the question bank

Performance

  • performance-manage — Create review cycles and criteria
  • performance-review — Submit reviews for assigned staff
  • performance-view-all — View all performance data (not just own reports)

Payroll

  • payroll-setup — Configure grade structures and salary profiles
  • payroll-run — Generate payroll runs
  • payroll-approve — Approve payroll and mark payments
  • payroll-view — View payroll reports and history

Assets

  • assets-manage — Add, edit, and retire assets
  • assets-assign — Assign and unassign assets to staff
  • assets-view — View asset register and reports

Communications

  • announcements-publish — Create and publish announcements
  • announcements-approve — Approve pending announcements
  • messages-send — Send direct messages to staff

Reports & Settings

  • reports-view — Access the Reporting Center
  • reports-export — Export reports to PDF/Excel/CSV
  • settings-manage — Modify organization settings
  • access-policies-manage — Create and modify permission groups

Admin Bypass

The organization's primary admin account (the account that created the Workforce Intelligence subscription) has full unrestricted access to all features regardless of permission group assignments. This ensures there is always at least one account that can recover from misconfigured access policies.

The admin bypass cannot be revoked. If you need to restrict the primary admin's access, create a separate user account for daily operations and reserve the primary admin for emergency access only.

How Policies Interact with Features

Understanding how permissions affect the user experience:

  • Menu Visibility — Sidebar menu items are hidden for features the user has no permissions for. Users only see what they can access.
  • Action Buttons — Even within visible pages, action buttons (Edit, Delete, Approve) are hidden if the user lacks the specific permission.
  • Data Scope — Some permissions can be scoped to a department. A Department Head with "staff-view" sees only their own department's staff, not the entire directory.
  • API Enforcement — Permissions are enforced at the API level. Even if a user manipulates the frontend, the server rejects unauthorized actions.
  • Audit Trail — All permission-denied attempts are logged for security review.

Department-Scoped Permissions

When creating a permission group, you can optionally restrict its scope:

  • Organization-wide — Permissions apply to all staff across all departments and branches
  • Department-only — Permissions apply only to staff within specified departments
  • Branch-only — Permissions apply only to staff at specified branches

This allows you to create a "Lagos Branch Manager" group that has full management permissions but only for staff at the Lagos branch.