Roles and Permissions in Flowtly
Flowtly's Business Management System (BMS) is structured with a robust role-based access control system, allowing granular permissions across different modules. Below is a comprehensive overview of roles and permissions, grouped by module, with insights into the parent-child role hierarchy and functionalities.
Note: Parent roles inherently include the permissions and functionalities of their child roles. Assigning a parent role, such as Employee Manager or Transactions Manager, automatically grants access to all the actions and capabilities of its associated child roles. This eliminates the need to assign child roles separately.
- Admin (ROLE_ADMIN):
- Access to all modules, features, and functionalities in the system without restrictions.
- With this role, no additional roles need to be assigned, as it includes all permissions and functionalities.
1. Employee Management Module
- Parent Role: Employee Manager (ROLE_EMPLOYEES_MANAGER):
- Full access to manage employee records, including creation, updates, deletions, and assigning roles.
- Manages employee-related documents (if paired with ROLE_DOCUMENTS_MANAGER).
- Read-only access to holiday day limits.
- Child Roles:
- Benefits Manager (ROLE_BENEFITS_MANAGER): Manages employee benefits and their configurations.
- Employees Viewer (ROLE_EMPLOYEES_VIEWER): View-only access to employee records.
- Schedule Manager (ROLE_SCHEDULES_MANAGER): Full access to manage schedules and schedule ranges within the system.
- Roles Manager (ROLE_ROLES_MANAGER): Full control to create, update, and delete employee records including assigning roles.
2. Agreements Module
- Parent Role: Agreements Manager (ROLE_AGREEMENTS_MANAGER):
- Full access to manage agreements and positions, including creation, updates, and deletions.
- Access to create, update, and delete holiday day limits.
- Child Roles:
- Agreements Uploader (ROLE_AGREEMENTS_UPLOADER): Limited to uploading agreements.
- Employees Viewer (ROLE_EMPLOYEES_VIEWER): View-only access to employee details.
- Positions Manager (ROLE_POSITIONS_MANAGER): Oversees position assignments and create positions in general settings.
- Schedule Manager (ROLE_SCHEDULES_MANAGER): Full access to manage schedules and schedule ranges within the system.
Note: To have full functionality, Employee Manager (ROLE_EMPLOYEES_MANAGER) is recommended to be assigned as well.
3. Documents Module
- Parent Role: Documents Manager (ROLE_DOCUMENTS_MANAGER)
- Full access to create, update, and delete document types and documents.
- Permissions are tied to specific relations, allowing management only within assigned contexts (e.g., documents related to clients, employees, or contractors).
- Child Role:
- Documents Viewer (ROLE_DOCUMENTS_VIEWER): View-only access to document types and added files.
4. Holiday Management Module
- Parent Role: Holidays Manager (ROLE_HOLIDAYS_MANAGER)
- Configure standard holiday limits applied across the organization.
- Track and allocate free holiday days.
- Create, update, and delete holiday records for employees.
- Set the number of approvals required for holiday requests.
- Enable and configure integration with Google Calendar for holidays.
- Define organizational limits for holiday days.
- Access the collection of holiday limits applied across the organization.
- Modify holiday types to ensure accurate categorization and management.
- Child Role:
- Holidays Verifier (ROLE_HOLIDAYS_VERIFICATOR): Approves or rejects holiday requests.
5. Projects Module
- Parent Role: Working Hours Manager (ROLE_WORKING_HOURS_MANAGER):
- Manage all aspects of employee working hours, including creation, updates, and deletions.
- Child Roles:
- Employees Viewer (ROLE_EMPLOYEES_VIEWER): View access to employee data.
- Working Hours Viewer (ROLE_WORKING_HOURS_VIEWER): View-only access to working hours.
- Parent Role: Projects Manager (ROLE_PROJECTS_MANAGER):
- Full control to create, update, and delete projects.
- Assign and update employee-specific project rates.
- Define and adjust project phases to structure project timelines and deliverables.
6. HR Module
- Parent Role: HR Manager (ROLE_HR_MANAGER):
- Create, update, and delete resource requests.
- Add, update, or remove candidates linked to specific resource requests.
- Create and manage tags associated with resource requests for better categorization and tracking.
- Child Role:
- Candidates Manager (ROLE_CANDIDATES_MANAGER): Handles candidate recruitment and tracking. Full control over candidate records and notes, including adding, updating, and deleting. Create, assign, and modify recruitment tasks.
- Parent Role: Feedback Supervisor (ROLE_FEEDBACK_SUPERVISOR): Allows access to feedback that is not visible to other roles.
- Child Role:
- Feedback Manager (ROLE_FEEDBACK_MANAGER): Create, update, and delete feedback requests.
- Parent Role: Meeting Manager (ROLE_MEETING_MANAGER): Manages organizational meetings. Full access to create, update, and delete feedback requests. Read-only access to agreements for reference.
- Child Role:
- Employees Viewer (ROLE_EMPLOYEES_VIEWER): View access to employee data.
- Responsibilities Manager (ROLE_RESPONSIBILITIES_MANAGER): Full control to create, update, and delete responsibilities .Assign, update, and remove responsibilities linked to employees.
7. Resource Booking Module
- Parent Role: Properties Manager (ROLE_PROPERTIES_MANAGER):
- Manage all properties, including adding, updating, and deleting property records.
- Oversee property bookings, including creating, updating, and canceling reservations.
- Child Role:
- Locations Manager (ROLE_LOCATIONS_MANAGER): Oversees location details and creates locations.
8. Budget Module
- Parent Role: Budgets Manager (ROLE_BUDGETS_MANAGER):
- Full control to create, update, and delete budget records.
- Assign, update, and remove employees linked to budgets.
- Organize and manage groups of budgets for categorization and tracking.
- Handle financial transactions within budgets, including allocation and adjustments.
- Child Role:
- Budgets Viewer (ROLE_BUDGETS_VIEWER): Read-only access to budgets, contractors, employees, groups, projects, and transactions associated with budgets.
Note: To attach a specific project or its phase, income, or transaction to a budget, the user must combine the Budget Manager role with Project Manager, Income Manager, and Transaction Manager roles for full functionality.
9. Invoices Module
- Parent Role: Incomes Manager (ROLE_INCOMES_MANAGER):
- Handle financial transactions related to income, including creation and updates.
- Full access to manage income data comprehensively.
- Add, modify, and remove specific income rows.
- Child Roles:
- Incomes Viewer (ROLE_INCOMES_VIEWER): View-only access to income data.
- Banks Manager (ROLE_BANKS_MANAGER): Full control to add, update, and remove bank information and bank accounts.
- Clients Manager (ROLE_CLIENTS_MANAGER): Full access to create, update, and delete client records, with complete access to manage client-related documents if the ROLE_DOCUMENTS_MANAGER permission is assigned.
10. Costs Control Module
- Main Parent Role: Transactions Manager (ROLE_TRANSACTIONS_MANAGER): Full control over all transactions.
- Child Roles:
- Banks Manager (ROLE_BANKS_MANAGER): Full control over bank accounts and bank details. Access specific URLs for bank-related actions (costs chart).
- Costs Analyst (ROLE_COSTS_ANALYSER): Analyze cost data using visual representations and metrics.
- Payment Due Viewer (ROLE_PAYMENT_DUE_VIEWER): View-only access to payment schedules.
- Attachment Uploader (ROLE_TRANSACTION_ATTACHMENT_UPLOADER): Uploads transaction-related attachments.
- Parent role: Accountancy Viewer (ROLE_ACCOUNTANCY_VIEWER): View-only access to accountancy data.
- Child Roles:
- Banks Manager (ROLE_BANKS_MANAGER): Full control over bank accounts and bank details. Access specific URLs for bank-related actions (costs chart).
- Costs Analyst (ROLE_COSTS_ANALYSER): Analyze cost data using visual representations and metrics.
- Employees Viewer (ROLE_EMPLOYEES_VIEWER): View access to employee data.
- Benefits Viewer (ROLE_BENEFITS_VIEWER): View-only access to employee benefits.
- Parent Role: Agreements Manager (ROLE_AGREEMENTS_MANAGER):
- Full access to manage agreements and positions, including creation, updates, and deletions.
- Access to create, update, and delete holiday day limits.
- Child Roles:
- Agreements Uploader (ROLE_AGREEMENTS_UPLOADER): Limited to uploading agreements.
- Employees Viewer (ROLE_EMPLOYEES_VIEWER): View-only access to employee details.
- Positions Manager (ROLE_POSITIONS_MANAGER): Oversees position assignments and create positions in general settings.
- Schedule Manager (ROLE_SCHEDULES_MANAGER): Full access to manage schedules and schedule ranges within the system.
- Child Roles:
- Child Roles:
Roles not tied to specific Modules
The following roles do not belong to any specific module but provide system-wide or specialized permissions:
- Taxes Manager (ROLE_TAXES_MANAGER): Oversees tax-related settings and configurations.
- Taxes Viewer (ROLE_TAXES_VIEWER): View-only access to tax data.
- Currencies Manager (ROLE_CURRENCIES_MANAGER): Manages currency settings.
- Conditions manager (ROLE_CONDITION_MANAGER): Manages system rules for costs, tax configurations, section orders, and necessary or slight-cost tolerances.
- Countries manager (ROLES_COUNTRIES_MANAGER): Manages country-specific configurations
- Languages manager (ROLE_LANGUAGES_MANAGER): Handles system languages.
- Organization users manager (ROLE_ORGANIZATION_USERS_MANAGER): Can view and delete organization user accounts.