Permission Management

Learn how to configure and manage permissions for different roles in your organization using the Shifts platform, ensuring users have appropriate access to features while maintaining security and data integrity.

Overview

The Permission Management system in Shifts provides granular control over what actions users can perform and what data they can access. As an administrator, you can define permissions for different roles, ensuring each user has access to exactly what they need—no more, no less. This article explains how to configure and maintain permissions across your organization.

Understanding Permission Types

The Shifts platform uses two distinct but interconnected permission systems:

System Permissions

• Control access to platform-wide features and administrative functions
• Managed by System Administrators and Super Administrators
• Apply across all businesses in a multi-business environment
• Include permissions for user management, system configuration, and global settings

Organizational Permissions

• Control access to business-specific features and data
• Managed by Business Administrators
• Apply only within a specific business
• Include permissions for shifts, scheduling, reporting, and operational functions

Role Hierarchy and Permission Inheritance

Permissions in Shifts follow a hierarchical structure based on roles:

1. System Roles (highest to lowest):
   • Super Administrator
   • System Administrator
   • Business Administrator
   • Manager
   • Employee
2. Organizational Roles (customizable within each business):
   • Executive
   • Director
   • Regional Manager
   • Location Manager
   • Supervisor
   • Team Lead
   • Staff

Permissions typically flow downward in the hierarchy, with higher roles having access to everything lower roles can access, plus additional permissions appropriate to their responsibilities.

Accessing Permission Management

To manage permissions:

1. Log in with an administrator account
2. Navigate to Admin in the main menu
3. Select Roles & Permissions
4. Choose either:
   • System Roles (for system-wide roles)
   • Organizational Roles (for business-specific roles)

The appropriate permission management interface will display based on your selection.

Managing System Role Permissions

To configure system role permissions (requires System Administrator or higher):

1. Navigate to Admin > Roles & Permissions > System Roles
2. Select the role you want to modify
3. You’ll see a matrix of features and actions with checkboxes
4. Each row represents a feature (Users, Businesses, System Settings, etc.)
5. Each column represents an action (View, Create, Edit, Delete, Manage)
6. Check or uncheck boxes to grant or revoke permissions
7. Click Save Changes when finished

Note that some system roles (like Super Administrator) have fixed permissions that cannot be modified.

Managing Organizational Role Permissions

To configure business-specific role permissions:

1. Navigate to Admin > Roles & Permissions > Organizational Roles
2. Select the role you want to modify
3. You’ll see a similar permission matrix for business features
4. Configure permissions by checking or unchecking boxes
5. For each permission, set the inheritance mode (explained below)
6. Click Save Changes when finished

Understanding Permission Inheritance Modes

When setting organizational role permissions, you can control how permissions extend to subordinates using inheritance modes:

1. Self Only: Permission applies only to the user’s own data and actions
2. Direct Reports: Extends to the user and their immediate subordinates
3. Full Hierarchy: Extends to the user and all subordinates at any level below them
4. Custom Depth: Extends to a specific number of levels in the hierarchy

For example, a Regional Manager with “View Shifts” set to “Full Hierarchy” can see shifts for all locations under them, while “Self Only” would limit them to just their own assigned shifts.

Creating Custom Organizational Roles

To create a custom role for your business:

1. Navigate to Admin > Roles & Permissions > Organizational Roles
2. Click Add New Role
3. Enter a name for the role
4. Set the role level (determines hierarchy position)
5. Choose a system role to link it with (optional)
6. Configure permissions for the new role
7. Click Create Role

Custom roles allow you to tailor permissions to your specific organizational structure and needs.

Location-Based Permission Scoping

The Shifts platform automatically scopes permissions based on location assignments:

1. Users can only access data for locations they’re assigned to
2. Managers see data for their assigned locations and subordinate locations
3. Regional managers see data for all locations in their region
4. Business administrators see data for all locations in their business

This location-based scoping applies automatically in addition to explicit permissions.

Permission Feature Categories

Permissions in Shifts are organized into these main categories:

People Management

• User profiles and personal information
• Team management
• Role assignments
• Location assignments

Scheduling

• Shift creation and management
• Schedule templates
• Shift assignments
• Schedule publication

Time & Attendance

• Time clock access
• Attendance records
• Break management
• Timesheet approval

Reporting & Analytics

• Standard reports
• Custom reports
• Dashboards
• Data exports

Administrative

• Business settings
• Location management
• System configuration
• Integration management

Best Practices for Permission Management

For optimal security and efficiency when managing permissions:

1. Follow the principle of least privilege: Grant only the permissions users need to perform their jobs
2. Use role templates: Create standardized permission sets for common roles
3. Audit regularly: Review permissions quarterly to ensure they remain appropriate
4. Document your schema: Maintain documentation of your permission structure
5. Consider hierarchy: Use inheritance modes appropriately to reduce administration overhead
6. Test thoroughly: Verify permissions work as expected when making changes
7. Phase changes: Implement major permission changes in stages to minimize disruption
8. Communicate clearly: Inform users when their permissions change

Auditing Permissions

To review who has what permissions:

1. Navigate to Admin > Reports > User Permissions
2. Use filters to focus on specific roles, features, or users
3. Export the report for detailed analysis or documentation
4. Review for potential security issues or inconsistencies

Regular permission audits help maintain security and ensure appropriate access levels.

Troubleshooting Permission Issues

If users report access problems:

1. Check their assigned role in their user profile
2. Verify the permissions granted to that role
3. Check location assignments for location-scoped features
4. Review any custom permission overrides on the user
5. Check if the feature requires multiple permissions working together
6. Verify business security settings that might restrict access

Most access issues can be resolved by carefully examining the role, permissions, and location assignments.

Related Resources

• Role Based Access
• Location Managers
• System Roles
• Organizational Hierarchy

This article should be updated when:

1. New permission types or categories are added
2. Changes to the permission inheritance model are made
3. The permission management interface is updated
4. Additional roles are added to the system
5. Location-based permission scoping rules change