Understanding the Access Control System
The Two-Layer Security System
Your Role: What You Can Do
Think of your role as your job title and the responsibilities that come with it. Your role determines the types of actions you're authorized to perform within the system.
For example:
- Manager role - Can approve requests and generate reports
- Employee role - Can submit requests and view personal information
- Admin role - Can manage user accounts and system settings
- Director role - Can make cross-departmental decisions
- Executive role - Has company-wide decision-making authority
- External role - Has limited access for consultants or vendors
Authorization Channels: What You Can See
Authorization channels work like department access cards. Even if you have the authority to perform certain actions (your role), you can only perform those actions on data and information within your authorized departments or areas.
For example:
- HR channel - Access to employee records, vacation requests, HR reports
- Finance channel - Access to financial data, budgets, expense reports
- IT channel - Access to server information, software licenses, support tickets
- Sales channel - Access to customer data, sales reports, revenue information
- Marketing channel - Access to campaign data, marketing metrics, promotional materials
How These Systems Work Together
Both elements must align for you to perform any action. You need:
- The right role to have permission to do something
- The right authorization channel to access the relevant data
For example, if you're a Manager (role) with HR department access (authorization channel), you can approve vacation requests because you have Manager permissions, but you can only approve requests from HR employees because that's your authorized department. You cannot approve IT equipment requests, even though you have Manager-level permissions, because you don't have IT department authorization.
Real-World Access Examples
Department-Level Access
Sarah - HR Manager
- Role: Manager
- Auth Channel: HR
- Can see: HR employee records, vacation requests, HR budgets, performance reviews
- Can do: Approve HR vacation requests, generate HR reports, manage onboarding
- Cannot see: Finance budgets, IT equipment requests, Sales customer data
Mike - IT Manager
- Role: Manager
- Auth Channel: IT
- Can see: Server logs, software licenses, IT tickets, system performance metrics
- Can do: Approve software purchases, assign IT tasks, resolve technical issues
- Cannot see: Employee salary information, marketing campaign results
Multi-Department Access
Lisa - Operations Director
- Role: Director
- Auth Channels: HR, IT, Operations
- Can see: HR data, IT infrastructure information, operational metrics
- Can do: Approve cross-departmental requests, coordinate major initiatives
- Cannot see: Finance budgets, Sales customer information, Marketing campaign data
David - Regional Manager
- Role: Manager
- Auth Channels: Sales, Marketing, Customer Service
- Can see: Sales reports, marketing campaign effectiveness, customer service tickets
- Can do: Approve marketing expenditures, review sales performance, handle escalations
- Cannot see: Payroll data, IT infrastructure details
Company-Wide Access
Jennifer - CEO
- Role: Executive
- Auth Channels: ALL departments
- Can see: Complete financial performance, HR metrics, IT infrastructure, sales results
- Can do: Approve high-level strategic initiatives, make major financial decisions
Tom - Compliance Officer
- Role: Auditor
- Auth Channels: ALL departments
- Can see: All company data for audit and compliance purposes
- Can do: Generate compliance reports, identify regulatory issues, conduct audits
- Cannot do: Approve operational requests or make business process changes
Users with Multiple Roles
Rachel - Department Manager and Project Lead
- Roles: Manager + Project Manager
- Auth Channels: HR, IT
- Combined Permissions: Can approve HR requests and coordinate IT projects
- Can see: HR department data, IT project information, cross-departmental reports
Kevin - Analyst and Temporary Admin
- Roles: Analyst + Admin (temporary)
- Auth Channels: Finance, Sales, Marketing
- Combined Permissions: Can analyze business data and manage user accounts during migration
- Temporary Nature: Admin role expires after project completion
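The two-layer check described under "How These Systems Work Together", written out as an added Python example (not the system's own code). The action names, the "*" marker for ALL departments, and the expiry timestamp on Kevin's Admin role are assumptions; roles and channels are evaluated independently, and anything not explicitly granted is denied.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional
# Assumed role-to-action mapping; the action names are illustrative.
ROLE_ACTIONS = {
    "Manager": {"view", "approve_request", "generate_report"},
    "Auditor": {"view", "generate_report"},  # audit only, no approvals
    "Analyst": {"view"},
    "Admin": {"manage_users"},
}
ALL_CHANNELS = "*"  # assumed marker for "ALL departments"
@dataclass
class RoleGrant:
    role: str
    expires_at: Optional[datetime] = None  # None = permanent role

    def active(self, now: datetime) -> bool:
        return self.expires_at is None or now < self.expires_at

@dataclass
class User:
    name: str
    grants: list   # RoleGrant objects
    channels: set  # authorized channel names

def is_allowed(user: User, action: str, channel: str, now: datetime) -> bool:
    """Deny by default; allow only when both layers agree."""
    # Layer 1 (role): some unexpired role must grant the action.
    role_ok = any(g.active(now) and action in ROLE_ACTIONS.get(g.role, set())
                  for g in user.grants)
    # Layer 2 (channel): the data must sit in an authorized channel.
    channel_ok = ALL_CHANNELS in user.channels or channel in user.channels
    return role_ok and channel_ok

# Constructed sample data modelled on the profiles above.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
ADMIN_EXPIRY = datetime(2024, 5, 1, tzinfo=timezone.utc)  # made-up date
BEFORE_EXPIRY = datetime(2024, 4, 1, tzinfo=timezone.utc)
sarah = User("Sarah", [RoleGrant("Manager")], {"HR"})
tom = User("Tom", [RoleGrant("Auditor")], {ALL_CHANNELS})
kevin = User("Kevin", [RoleGrant("Analyst"), RoleGrant("Admin", ADMIN_EXPIRY)],
             {"Finance", "Sales", "Marketing"})

if __name__ == "__main__":
    for who, action, chan in [(sarah, "approve_request", "HR"),
                              (sarah, "approve_request", "IT"),
                              (tom, "approve_request", "Finance"),
                              (kevin, "manage_users", "Finance")]:
        print(who.name, action, chan, is_allowed(who, action, chan, NOW))
```

Checking role expiry at decision time, rather than relying on someone to remove the role later, is what keeps a temporary Admin grant like Kevin's from outliving the project.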