All modules
PlatformAvailable

Roles & Permissions

Admin, Manager and Employee roles — enforced at the database, not just hidden in the UI.

The problem

In a lot of HR tools, "permissions" mean hiding a button. The data underneath is still reachable, and in a multi-company or multi-team setup, one query can leak another group’s people data.

How we solve it

ASHR.work enforces access at the database layer with row-level security. Every record is bound to a tenant, and the tenant is derived from the signed-in user — never from a URL or a client cookie. Roles decide what you can do; RLS guarantees what you can see.

How it works

  1. 1

    Assign a role

    Each person is an Admin, Manager or Employee, which governs the actions and views available to them.

  2. 2

    Isolation by default

    Every table is tenant-scoped. Row-level security restricts reads and writes to the caller’s own organisation automatically.

  3. 3

    Auditable actions

    Sensitive changes are recorded, so who did what is answerable after the fact.

Why it’s effective

Security you can’t click past

Because isolation is enforced in the database, hiding a button is never the only thing standing between data and the wrong person.

Right-sized access

Managers see their team, employees see themselves, admins run the org — by design.

Accountability

Audit logging on sensitive actions gives a trail when it matters.

What’s live today

  • Admin / Manager / Employee roles
  • Row-level security tenant isolation on every table
  • Tenant derived from the authenticated session, never the URL
  • Audit logging on sensitive actions

Ready to try Roles & Permissions?

Start free in minutes, or book a walkthrough with our team.