Roles & permissions (RBAC)
VipraGo enforces five role tiers plus granular per-user overrides — in the backend, not just the UI. This guide explains the model and how to customize it safely.
The five tiers
- Super admin — platform operator (Vipra Software); not used inside your org.
- Admin — full organization access: settings, payroll, all modules.
- Manager — team scope: their reports' attendance, leave approvals, and (only if org policy enables it) team salary visibility.
- Member — self scope: own profile, payslips, leave, tasks, claims.
- Viewer — read-only directory/project visibility for auditors or stakeholders.
Scoped permissions
- Permissions carry scopes — :self, :team, :assigned — enforced in backend queries, so hiding a button is never the only protection.
- Example: a manager's “attendance:read:team” returns only their reports' records, regardless of what the client requests.
Per-user overrides
- Control Center → Permissions: grant or revoke individual permissions on top of role defaults (e.g., give an HR executive payroll read without admin).
- Overrides are org-scoped, take effect immediately, and are audit-logged.
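The following is an added illustration, not VipraGo's own code, of how the scoped permissions and per-user overrides described above can be enforced in a backend query rather than in the UI: the role-default matrix, the `org` scope for admin, and the sample org (m1, e1, e2, e3, hr1) are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed role defaults modelled on the tiers above (not VipraGo's real matrix);
# format resource:action:scope, with "org" an assumed scope for admin's org-wide access.
ROLE_DEFAULTS = {
    "admin":   {"attendance:read:org", "payroll:read:org"},
    "manager": {"attendance:read:team", "attendance:read:self", "leave:approve:team"},
    "member":  {"attendance:read:self", "payslip:read:self", "task:read:assigned"},
    "viewer":  {"directory:read:org"},
}

@dataclass
class User:
    user_id: str
    role: str
    manager_id: "str | None" = None
    grants: set = field(default_factory=set)   # per-user override: added to role defaults
    revokes: set = field(default_factory=set)  # per-user override: removed from role defaults

@dataclass
class Record:
    owner_id: str                          # employee the record belongs to
    assignee_ids: frozenset = frozenset()  # assignees (for the :assigned scope on tasks)

def effective_permissions(user):
    """Role defaults plus grants minus revokes; a revoke wins over a grant."""
    return (ROLE_DEFAULTS.get(user.role, set()) | user.grants) - user.revokes
def held_scopes(user, resource, action):
    prefix = f"{resource}:{action}:"
    return {p[len(prefix):] for p in effective_permissions(user) if p.startswith(prefix)}
def in_scope(user, scope, record, directory):
    if scope == "org":      return True
    if scope == "self":     return record.owner_id == user.user_id
    if scope == "team":     return directory[record.owner_id].manager_id == user.user_id
    if scope == "assigned": return user.user_id in record.assignee_ids
    return False

def read_records(user, resource, records, directory, requested_owner_ids=None):
    """Backend read: scope filter first, so the client's own filter can only narrow it."""
    scopes = held_scopes(user, resource, "read")
    if not scopes:
        raise PermissionError(f"{user.user_id} holds no {resource}:read:* permission")
    visible = [r for r in records if any(in_scope(user, s, r, directory) for s in scopes)]
    if requested_owner_ids is not None:
        visible = [r for r in visible if r.owner_id in requested_owner_ids]
    return visible

# Constructed org: m1 manages e1 and e2; hr1 is a member with a payroll override grant.
DIRECTORY = {u.user_id: u for u in (
    User("m1", "manager"), User("e1", "member", "m1"), User("e2", "member", "m1"),
    User("e3", "member", "m2"), User("hr1", "member", "m2", grants={"payroll:read:org"}))}
ATTENDANCE = [Record(o) for o in ("e1", "e2", "e3", "m1")]
```

A manager requesting "everyone" still receives only their reports plus themselves, a member with no payroll permission is refused outright (as VipraBot would refuse the same request), and a single override grant is enough to open payroll reads without making the user an admin.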
VipraBot & permissions
- VipraBot inherits the requesting user's permissions — a member asking “show all salaries” is refused exactly as the UI would refuse.
- Sensitive bulk actions require confirmation and respect approval workflows.
Tips
- Audit the permission matrix quarterly: Control Center exports who-can-do-what as CSV.
FAQ
- Can employees see each other's salaries?
- No. Salary data requires admin-level payroll permissions; managers see team salary only if your organization explicitly enables that policy.
- What happens when someone changes roles?
- Update the role on their profile — scopes adjust immediately; their historical actions remain attributed in the audit log.