User Roles
Introduction
The User Roles system in LeaveHub provides a structured approach to managing user permissions and access levels within your organization. This system ensures that employees have appropriate access to features based on their responsibilities while maintaining security and organizational hierarchy. LeaveHub implements a three-tier role system that allows administrators to assign specific permissions to users based on their job functions and responsibilities. This guide will help you understand each role type and how to manage user roles effectively.
Key capabilities include:
- Defining user access levels based on job responsibilities
- Managing approval workflows through role hierarchy
- Maintaining system security through permission control
- Supporting organizational structure within the system
- Ensuring compliance with data access policies
The Three Role Types in LeaveHub
1. Global Administrator
The Global Administrator role provides comprehensive system access and is reserved for users who need to manage the entire LeaveHub app and organizational settings.
Complete System Access:
✅ Create, modify, and deactivate user accounts
✅ Assign and change user roles across the organization
✅ Manage organizational hierarchy and reporting structures
✅ Configure user access permissions and restrictions
✅ Bulk import/export user data
✅ Audit user activity and access logs
System Configuration:
✅ Set up and modify leave policies organization-wide
✅ Configure holiday calendars and special dates
✅ Manage notification settings
✅ Set up integration with external systems (Microsoft, etc.)
Advanced Analytics and Reporting:
✅ Access all organizational reports and analytics
✅ Generate custom reports across all departments
✅ Export comprehensive organizational data
Security and Compliance:
✅ Manage system security settings and policies
✅ Configure data retention and archival policies
✅ Audit system access and usage patterns
✅ Manage compliance with regulatory requirements
✅ Handle data privacy and protection settings
✅ Configure system alerts and monitoring
High-Level Responsibilities:
⚠️ **Critical System Functions:**
- Complete override capability for any leave decision
- Access to all employee data across the organization
- Ability to modify or delete any system data
- Responsibility for system security and data protection
- Authority to configure organization-wide policies
Important Security Considerations
Global Administrator access should be limited to essential personnel only. Regular audits of Global Administrator assignments are recommended to maintain system security.
2. Leave Approver
The Leave Approver role bridges the gap between regular employees and system administrators, providing supervisory capabilities for team and departmental management.
Enhanced Capabilities:
✅ Approve or reject leave requests for assigned team members
✅ View comprehensive leave history for direct reports
✅ Add comments and feedback when processing requests
✅ Manage team leave calendar and scheduling conflicts
✅ Override leave balances (with appropriate justification)
Communication and Notifications:
✅ Receive priority notifications for pending approvals
✅ Send messages to team members regarding leave decisions
✅ Access team contact information for coordination
Reporting and Analytics:
✅ Generate team leave reports and summaries
✅ View team leave trends and patterns
✅ Export team data for external analysis
✅ Monitor team leave balance utilization
Access Limitations:
❌ Cannot access global administrative functions
❌ Cannot modify system-wide policies or settings
❌ Cannot manage user roles or permissions
❌ Limited to assigned team members only
❌ Cannot override global policy restrictions
❌ Cannot access organization-wide financial reports
3. User (Regular User)
The User role is the foundational access level designed for regular employees who primarily need to manage their own leave requests and access their personal leave information.
Detailed Capabilities:
✅ Submit new leave requests
✅ View personal leave history
✅ Check current leave balances
✅ Edit pending leave requests (before approval)
✅ Cancel future leave requests (within policy guidelines)
✅ Upload supporting documents for leave requests
✅ Receive email notifications about leave status changes
Information Access:
✅ View company holiday calendar
✅ Access leave policy documents
✅ See team calendar (limited view)
✅ Update personal contact information
✅ Change password and security settings
Access Limitations:
❌ Cannot approve or reject other employees' leave requests
❌ Cannot access administrative functions or system settings
❌ Cannot view detailed information about other employees' leave
❌ Cannot modify company policies or holiday calendars
❌ Cannot generate reports beyond personal leave summary
❌ Cannot manage other user accounts or roles
Role Permissions Matrix
| Function Category | User | Leave Approver | Global Administrator |
|---|---|---|---|
| Personal Leave Management | |||
| Submit Leave Requests | ✅ | ✅ | ✅ |
| Edit Own Pending Requests | ✅ | ✅ | ✅ |
| View Own Leave History | ✅ | ✅ | ✅ |
| Cancel Own Future Leave | ✅ | ✅ | ✅ |
| Team Leave Management | |||
| Approve Team Leave Requests | ❌ | ✅ | ✅ |
| View Team Leave History | ❌ | ✅ | ✅ |
| Override Team Leave Balances | ❌ | ✅* | ✅ |
| Generate Team Reports | ❌ | ✅ | ✅ |
| System Administration | |||
| Manage User Accounts | ❌ | ❌ | ✅ |
| Configure Leave Policies | ❌ | ❌ | ✅ |
| Set Up Holiday Calendars | ❌ | ❌ | ✅ |
| Access System Reports | ❌ | Limited | ✅ |
| Manage User Roles | ❌ | ❌ | ✅ |
| System Configuration | ❌ | ❌ | ✅ |
| Data and Reporting | |||
| Personal Leave Reports | ✅ | ✅ | ✅ |
| Team Leave Analytics | ❌ | ✅ | ✅ |
| Organization-wide Reports | ❌ | ❌ | ✅ |
| Financial Impact Analysis | ❌ | ❌ | ✅ |
| Security and Compliance | |||
| Change Own Password | ✅ | ✅ | ✅ |
| Access Audit Logs | ❌ | ❌ | ✅ |
| Configure Security Settings | ❌ | ❌ | ✅ |
| Manage Data Retention | ❌ | ❌ | ✅ |
Last Updated: September 2024 Version: 1.0 Document Type: End User Guide