Security Overview
Workup has a comprehensive security framework that controls what each user can do and what each user can see. The system administrator gives each user one or more security roles, which define what that user can do.
If a user does not have the permission for an operation (e.g. Create User), that option will not be available via the user interface. Trying to access a specific URL for a page the user does not have access to will raise an error.
If a user does not have any roles assigned, they will have access to the public screens within Workup, but that access will be read-only.
Roles
The main security mechanism is Security Roles. These are maintained under the Admin - Roles menu and can only be changed by a system administrator. Workup provides a set of basic roles out of the box (Manager, Employee, HR Admin, etc.), but these can be changed and additional roles created. Each user can be given multiple roles, e.g. a departmental manager can be given the Employee and Manager roles.

Each role consists of one or more permissions. Each permission controls a single action or view within the system, such as "Maintain My Leave" and "Manage Team Employees". By defining roles with a set of specific permissions, you can fine-tune your security rules and ensure each user is only allowed to do what they should be allowed to.
A new role can be created via the Admin - Roles page and requires a unique name. You can then assign one or more permissions to that role and also assign that role to one or more users. You can also remove permissions from the role and users from the role on this page.
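The rules described above, modelled as an added sketch (this is not Workup's own code): a user's effective permissions are the union of their roles' permissions, a direct request is checked regardless of what the menu shows, and a user with no roles can only view public screens. The contents of each role and all function names are constructed for illustration; the real role contents are whatever Admin - Roles shows.

```python
"""Model of the role/permission rules described above (constructed data)."""

# Assumed role contents, for illustration only.
ROLE_PERMISSIONS = {
    "Employee": {"Maintain My Leave"},
    "Manager": {"Manage Team Employees"},
    "HR Admin": {"Create User", "Manage Team Employees"},
}


class AccessDenied(Exception):
    """Raised when a request needs a permission the user does not hold."""


def effective_permissions(roles, role_permissions=ROLE_PERMISSIONS):
    """Union of the permissions of every role; unknown roles grant nothing."""
    perms = set()
    for role in roles:
        perms |= role_permissions.get(role, set())
    return perms


def menu_options(roles, all_actions):
    """What the user interface would offer: only the permitted actions."""
    granted = effective_permissions(roles)
    return [action for action in all_actions if action in granted]


def authorize(roles, required_permission=None):
    """Check applied to a direct URL request, independent of the menu.

    required_permission=None stands for viewing a public screen, which
    needs no role. Anything else is denied unless some role grants it.
    """
    if required_permission is None:
        return True
    if required_permission not in effective_permissions(roles):
        raise AccessDenied(required_permission)
    return True


def excess_permissions(roles, needed):
    """Permissions a role combination grants beyond what the user needs."""
    return effective_permissions(roles) - set(needed)
```

`excess_permissions` is the review aid: because roles accumulate, a user given two roles may pick up a permission that neither the administrator nor the user intended.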

Assigning Roles to a User
As well as assigning roles to a user via the Roles page, it is also possible to assign roles to a user from the Admin - Users page. On the Roles tab, you can add additional roles to the user and also remove existing roles.
