Permission Management
Learn how to configure and manage permissions for different roles in your organization using MangoApps, ensuring users have appropriate access to features while maintaining security and data integrity.
Overview
The Permission Management system in MangoApps provides granular control over what actions users can perform and what data they can access. As an administrator, you can define permissions for different roles, ensuring each user has access to exactly what they needβno more, no less. This article explains how to configure and maintain permissions across your organization.
Understanding the Permission System
MangoApps uses a Role-Based Access Control (RBAC) system where:
- Permissions are assigned to Roles (not directly to users)
- Users are assigned to Roles (which grants them the roleβs permissions)
- System Modules control feature availability at the business level
- Navigation visibility is automatically controlled by permissions
The Three Factors of Access
Access to any feature requires all three conditions to be met:
Role Hierarchy and Permissions
Default Roles
MangoApps includes four Default Roles with preset permissions:
| Role | Level | Permissions |
|---|---|---|
| Super Admin | 1 | All permissions (cannot be modified) |
| Administrator | 2 | Organization settings, user management, all operational features |
| Manager | 3 | Team operations, analytics, performance scores, EPMS features |
| Member | 4 | Self-service: own shifts, attendance, timesheets, profile |
Custom Role Permissions
Custom roles can be assigned any combination of permissions, allowing you to create roles like:
- Supervisor: Scheduling view + attendance manage
- HR Coordinator: Users view + leave requests manage
- Compliance Officer: Compliance manage only
Accessing Permission Management
To manage permissions:
- Log in with an Administrator account
- Navigate to Administration β Roles & Permissions
- Find the role you want to configure
- Click the dropdown menu and select Manage Permissions
Configuring Role Permissions
Permission Categories
Permissions are organized by feature area:
Core Operations
| Feature | View | Manage |
|---|---|---|
| Shifts | See schedules and assignments | Create, edit, delete shifts |
| Attendance | View attendance records | Manage exceptions, approve records |
| Timesheets | View timesheet data | Approve, edit timesheets |
| Leave Requests | View leave requests | Approve/deny requests |
People Management
| Feature | View | Manage |
|---|---|---|
| Users | See user profiles | Create, edit user accounts |
| Certifications | View certifications | Manage certifications |
Analytics & Intelligence
| Feature | View | Manage |
|---|---|---|
| Workforce Intelligence | View dashboards | β |
| Performance Scores | View scores | β |
| Analytics | Access reports | β |
Administration
| Feature | View | Manage |
|---|---|---|
| Compliance | β | Configure labor compliance |
| Organization Settings | β | Business configuration |
| System Configurations | β | System-wide settings |
| Settings | β | Business SuperAdmin features |
Setting Permissions
For each feature:
- View Permission: Toggle ON to allow viewing data in this area
- Manage Permission: Toggle ON to allow creating, editing, and deleting
Note: Manage permission typically includes View permission automatically.
How Permissions Control Navigation
The permission system directly controls what appears in the sidebar:
The can_access Check
Each menu item uses a permission check like:
can_access('shifts', 'manage') β Shows Shift Scheduler
can_access('attendance', 'manage') β Shows Attendance Tracker
can_access('compliance', 'manage') β Shows Labor Compliance section
If the check fails, the menu item is hidden from the user.
Example: Manager Permissions
A Manager with default permissions sees:
| Section | Items Visible | Why |
|---|---|---|
| Team Operations | Shift Scheduler, Attendance Tracker, Timesheet Manager | Has manage permissions |
| Insights & Analytics | All analytics dashboards | Has view permissions |
| Workforce Intelligence | Performance Scores | Has view permission |
| Administration | β Hidden | No system_configurations permission |
| Organization Settings | β Hidden | No organization_settings permission |
See Understanding Navigation Visibility for complete details.
Location-Based Permission Scoping
Permissions are automatically scoped by location assignments:
- Users can only access data for their assigned locations
- Managers see data for their locations and subordinate locations
- Administrators see data for all locations in the business
- Super Admins have unrestricted access
Managing Default Role Permissions
Super Admin
- Has all permissions automatically
- Permissions cannot be modified
- Use sparingly (2-3 users recommended)
Administrator
Default permissions include:
- All organization settings
- All user management
- All operational features
- All analytics
Manager
Default permissions include:
- Team operations (shifts, attendance, timesheets)
- Analytics and reporting
- Performance scores
- EPMS features (reviews, goals, feedback)
Note: Managers do NOT have default access to:
- Organization Settings
- System Configurations
- Integrations
Member
Default permissions include:
- View and manage own profile
- View own shifts and schedule
- Submit own attendance
- View own timesheets
- Request time off
Best Practices
Permission Design
- Start with Default Roles: Use built-in roles before creating custom ones
- Follow Least Privilege: Grant only necessary permissions
- Group Related Permissions: If a role needs shifts, they likely need attendance too
- Consider Workflow: Think through what users need to complete their tasks
Security
- Limit Super Admins: Keep to 2-3 trusted users
- Regular Audits: Review permissions quarterly
- Document Changes: Keep records of permission modifications
- Test New Roles: Verify permissions work before wide deployment
Maintenance
- Review on Role Changes: When job responsibilities change, update permissions
- Offboarding: Remove elevated permissions when users leave roles
- Periodic Review: Ensure permissions still match business needs
Troubleshooting Permission Issues
User Canβt Access a Feature
- Check their Role: What organizational role are they assigned?
- Check Role Permissions: Does their role have the permission enabled?
- Check System Module: Is the featureβs module enabled for the business?
- Check Location: Are they assigned to the relevant location?
User Sees Too Much
- Review Role Permissions: Remove unnecessary permissions from their role
- Consider Custom Role: Create a more restricted custom role
- Check for Multiple Roles: User may have permissions from multiple sources
Permission Change Not Working
- User May Need to Refresh: Some changes require page reload
- Check Save: Ensure changes were saved successfully
- Clear Cache: Have user clear browser cache
Auditing Permissions
To review current permission assignments:
- Navigate to Administration β Roles & Permissions
- Click on each role to see its permissions
- Use Import/Export Permissions for a complete matrix
- Review users assigned to each role
Related Resources
- User Roles and Permissions
- Understanding Navigation Visibility
- Role-Based Access Control
- Creating Custom Roles
This article should be updated when:
- New permission types or categories are added
- Default role permissions change
- The permission management interface is updated
- Navigation visibility rules change
- New feature areas requiring permissions are added