Roles, permissions, and creating team members

3 min

The system distinguishes between two things: a user is a login account that carries a role defining what it can do, while an employee is an HR record (department, job title, qualifications, documents) that may be linked to an account so its owner can log in — or may remain a record with no account at all.

The eight roles and their permissions

  • 🟣 Organization Owner: The highest permission level within your organization — manages users and the organization profile, and has access to every board.
  • 🔵 Compliance Manager: Leads the audit program (certification cycles, nonconformities, facility audits), has read access to every board, manages indicators, and uses the Advisor.
  • 🟢 HSE Officer: The control room of the safety engine — creates and runs inspections, work permits, incidents, corrective actions, risk assessments, equipment, emergencies, contractors, training, and medical and environmental checks. However, they do not approve the Corrective Action (segregation of duties).
  • 🟠 Internal Auditor: Conducts audits and raises nonconformities, and is the only one who approves or rejects corrective actions — read-only on the rest of the system, so no one signs off on remedying their own work.
  • 🟡 Energy Manager: Responsible for ISO 50001 — energy efficiency measures, meters, readings, targets, and analytics.
  • 🟤 Department Head: A line manager — directs their department's tasks, executes actions assigned to them, approves their team's leave, and reports incidents. (Board membership limits what they can see.)
  • Employee: The worker — reports incidents and hazards, carries out their tasks, and owns their training and leave. Reports an incident but cannot edit it — so they cannot upload evidence for incidents; uploading evidence requires an edit-capable role such as HSE Officer.
  • 👁️ Viewer: Read-only access across the entire system — an observer with no editing rights.

Segregation of duties: The HSE Officer owns and carries out the Corrective Action, but only the Internal Auditor approves it — protecting the integrity of the audit.

Creating a team member (user)

  1. From the sidebar, open Users, then Create User.
  2. Enter the name, email, and password.
  3. Choose one or more roles — the simplest approach is a single role that matches the person's job.
  4. (Optional) Add them to a team.
  5. The account is created inside your organization automatically — you don't choose an organization, since your account is scoped to your own organization.

Choose the role based on what the person actually does: someone who uploads incident evidence needs HSE Officer, not Employee — the Employee role reports an incident without being able to attach evidence to it.

Creating an employee account from the employee form (the easier way)

The fastest approach is to create the account directly while adding the employee — without going through the Users screen:

  1. Open EmployeesAdd Employee (or edit an employee who has no account).
  2. In the Personal Data tab, enter the employee's email, keep the "Create a login account and send an invitation" option enabled, and choose the account role (defaults to "Employee").
  3. Save. The account is created and an activation link is sent to the employee's email so they can set their own password — you never set the password yourself.
  • If the email already has an existing account in your organization, it is linked automatically with no duplication.
  • If the email is already registered under another organization, it is rejected — use a different email (isolation between organizations is intentional in an audit product).
  • For an employee with no account (a competency record only), turn off the "Create a login account" option.

The email is the account's identity, which is why it lives under Personal Data rather than Contact. The Users screen (above) remains for accounts not linked to an employee (such as an external administrator).