Permissions

Easyteam uses a granular permission system to control access to each workforce management feature.

Permission Types

Refer to the codebase for the canonical list of permissions; the enum below is mirrored here for quick reference.

Feature‑Level Permissions

To control timesheets, use SHIFT_READ, SHIFT_WRITE, SHIFT_ADD, SHIFT_UPDATE to control access for view, add, modify attendance entries actions.
To control schedules use SCHEDULE_READ, SCHEDULE_WRITE for read-only or edit actions on schedules.
New features and modules have their own permission levels. View the types and codebase for more info.

Location Management

Location-based permissions manage access across specific work sites. The LOCATION_READ permission enables viewing all employee data within a location, while LOCATION_ADMIN grants full administrative control over location settings and configurations.

Organization Management

At the highest level, ORGANIZATION_ADMIN provides complete access to manage all locations and settings across the entire organization.

Example: Common Permission Configurations

Granular permission structure in Easyteam

Regular Employee

A standard employee typically only needs access to see their own shifts and view their personal timesheet:

Shift Manager

A location manager needs more comprehensive access to manage their team's schedules, but only in locations they're assigned to:

Regional Manager

Regional managers require full access across multiple locations, without access to the whole organization:

Hierarchical Inheritance Rules

While some permissions imply others (e.g., ORGANIZATION_ADMIN grants LOCATION_ADMIN, which in turn grants shift & schedule rights), best practice is to explicitly list every permission a role requires. Being verbose keeps JWT payloads self‑describing and future‑proofs your integration.

When in doubt, deny by default and add the minimal permission needed.

WARNING

When implementing the payroll module, only render the component to the relevant users and hide it for everyone else.

Need help designing your permission structure? Our team can help you map your organizational roles to the appropriate permission sets and create more granular permissions for your specific use-case.

Permission Types#

Feature‑Level Permissions#

Location Management#

Organization Management#

Example: Common Permission Configurations#

Regular Employee#

Shift Manager#

Regional Manager#

Hierarchical Inheritance Rules#

Permission Types

Feature‑Level Permissions

Location Management

Organization Management

Example: Common Permission Configurations

Regular Employee

Shift Manager

Regional Manager

Hierarchical Inheritance Rules