Skip to Content
Roles & PermissionsOverview

Roles & Permissions

Elate HRMS uses a role-based access control system with four distinct roles. Each role determines what a user can see and do within the application.

Role Hierarchy

Super Admin (Owner)
    └── HR Admin
        └── Manager
            └── Employee

Higher roles inherit all permissions of lower roles, plus additional capabilities.

Role Details

Super Admin (Owner)

The highest level of access, typically for business owners or IT administrators.

Full access to all features including:

  • All module access
  • Billing and subscription management
  • User management
  • All configuration settings
  • All reports
  • Employee data across the organization

Sidebar Navigation:

  • Dashboard
  • Talent Acquisition (with all sub-pages)
  • Talent Launch (with all sub-pages)
  • Employee Master (Employee Management, Leave, Attendance, Doc Repository, Calendar)
  • Payroll Management (Processing, Loans, Expenses, WPS)
  • Reports (all report types)
  • Document Templates
  • Configuration & Setup (Company, Users, Activity Log, Shifts, Payroll, Leave, Assets, Talent Acquisition, Permissions, Billing)

HR Admin

Designed for HR team members who manage day-to-day HR operations.

Access includes:

  • All HR modules (recruitment, leave, attendance, payroll, etc.)
  • Employee management
  • Report generation
  • Configuration settings (except billing)

Sidebar Navigation (flattened):

  • Dashboard
  • Talent Acquisition
  • Talent Launch
  • Leave Management (direct, not nested under Employee Master)
  • Attendance Management
  • Probation Management
  • Assets Management
  • Exit Management
  • Doc Repository
  • HR Helpdesk
  • Customized Calendar
  • Payroll Management
  • Reports
  • Document Templates
  • Configuration & Setup

Manager

For team leads and department managers who need visibility into their team.

Access includes:

  • Dashboard (team-filtered)
  • Recruitment (for their department)
  • Talent Launch overview
  • Employee Master (limited)
  • Payroll (limited view)
  • Reports (team-specific)
  • Limited configuration access

Employee

Self-service access for individual employees.

Access includes:

  • Dashboard (personal view)
  • My Profile
  • My Leave (apply, check balance)
  • My Attendance (view, request regularization)
  • Loan & Advance (apply)
  • Expense Claims (submit)
  • My Salary (view salary slips)
  • Assets (view assigned assets)
  • Doc Repository (own documents)
  • HR Helpdesk (raise tickets)
  • Calendar (view events)

Module-Based Access

In addition to role-based access, features are gated by subscription modules:

ModuleRoutes Protected
Payroll/payroll/*, /loan-and-advance, /expense-claims, /my-salary
Recruitment/recruitment/*
Helpdesk/hr-helpdesk/*
Assets/asset-management/*
Exit/exit-management/*
Probation/probation-management/*

If a user tries to access a module not included in their plan, they are redirected to the billing page.

How Access Is Enforced

Access control is enforced at multiple levels:

  1. Edge Middleware (Proxy) — Checks subscription status and module access before the request reaches the application
  2. Server Components — Role-based rendering of dashboard pages
  3. API RouteswithTenantAuth() wrapper validates role and module access
  4. Sidebar — Only shows navigation items the user has access to
Last updated on
OverviewOverview