Who should see what? Setting up access roles for your team
Not every manager needs to see everything, and not every viewer should be able to edit. Here's how to think about access without overcomplicating it.
Access control sounds like a technical problem. In practice, it's a people problem. The question isn't how to configure permissions - it's who should be trusted with what information, and why.
Most small management teams overthink this. The common case is simple: some people need to read and write, some need to read, and a small number need to manage the system itself.
The three roles that cover almost every case
Admin
Can do everything: add employees, delete records, manage team members, change settings, and access billing. There should be very few of them. Admin access is not a reward for seniority - it's a responsibility.
Manager
Can read all employee records and notes, write new notes, and update employee information. They need full read access - partial access undermines the entire purpose of a shared system.
Viewer
Can read employee records and notes but cannot add or edit anything. Typically executives, board members, or HR leads who need visibility without the risk of modifying records.
The access mistakes organisations make
Giving admin access too freely. When too many people have admin access, accountability becomes diffuse and changes happen without oversight.
Restricting manager access too much. Partial access is often worse than no access, because it creates a false sense of information completeness.
Not reviewing access at all. People change roles. Someone who had admin access because they set up the system shouldn't still have it two years later.
Rule of thumb: When someone leaves the management team, remove their access that week. Not eventually - that week.