Roles & Permissions
Admin, Manager and Employee roles — enforced at the database, not just hidden in the UI.
The problem
In a lot of HR tools, "permissions" mean hiding a button. The data underneath is still reachable, and in a multi-company or multi-team setup, one query can leak another group’s people data.
How we solve it
ASHR.work enforces access at the database layer with row-level security. Every record is bound to a tenant, and the tenant is derived from the signed-in user — never from a URL or a client cookie. Roles decide what you can do; RLS guarantees what you can see.
How it works
- 1
Assign a role
Each person is an Admin, Manager or Employee, which governs the actions and views available to them.
- 2
Isolation by default
Every table is tenant-scoped. Row-level security restricts reads and writes to the caller’s own organisation automatically.
- 3
Auditable actions
Sensitive changes are recorded, so who did what is answerable after the fact.
Why it’s effective
Security you can’t click past
Because isolation is enforced in the database, hiding a button is never the only thing standing between data and the wrong person.
Right-sized access
Managers see their team, employees see themselves, admins run the org — by design.
Accountability
Audit logging on sensitive actions gives a trail when it matters.
What’s live today
- Admin / Manager / Employee roles
- Row-level security tenant isolation on every table
- Tenant derived from the authenticated session, never the URL
- Audit logging on sensitive actions
More in Platform
Reports & Analytics
Headcount, attendance, leave utilisation and approval-rate dashboards.
Mobile App (iOS & Android)
Native mobile apps for employees and managers on the go.
Integrations
Google Workspace, WhatsApp, Zoho, Tally and more (Slack is shipping as its own native app — see below).
Ready to try Roles & Permissions?
Start free in minutes, or book a walkthrough with our team.