Understanding Roles and Permissions
AccuArk uses a role-based access control system with five built-in roles. Every employee is assigned exactly one role, and that role determines what they can see and do throughout the application. This guide explains each role, the permission categories, and how the reporting hierarchy ties it all together.
The Five Roles
Super Admin
The Super Admin role bypasses all permission checks entirely. Users with this role have unrestricted access to every feature, every location, and every piece of data in the system. This role is intended for business owners and top-level administrators. Use it sparingly ÔÇö most day-to-day users should not be Super Admins.
Location Admin
Location Admins have broad management capabilities scoped to the locations they are assigned to. They can manage employees, view reports, configure location settings, and handle most operational tasks at their assigned locations. They cannot access locations they are not assigned to.
Manager
Managers are responsible for their direct reports. They can approve time-off requests, review and approve timecards, manage schedules for their team, and view reports for employees who report to them. The Reports To field on employee profiles determines which manager receives approval requests.
Employee
The Employee role provides self-service access. Employees can view and update their own profile through Program > My Profile, clock in and out, view their schedules, submit time-off requests, and use the Point of Sale system. They cannot view other employees' information or access management features.
Accountant
Accountants have access to financial and payroll features across locations. They can view and manage salary records, run payroll reports, and access compensation data. They do not have general employee management permissions outside of the financial scope.
Permission Categories
Permissions in AccuArk are organized into categories. Here are the key permission codes and what they control:
| Category | Permission | Description |
|---|---|---|
| Employee | EMP_VIEW | View an individual employee's profile |
| Employee | EMP_EDIT | Edit employee profile details |
| Employee | EMP_VIEW_LIST | View the full employee list |
| Salary | EMP_MANAGE_SALARY | Create and edit salary records |
| Time Off | EMP_APPROVE_TIMEOFF | Approve or deny time-off requests |
| Time Clock | TC_CLOCK_SELF | Clock in and out for yourself |
| Time Clock | TC_CLOCK_OTHERS | Clock in and out on behalf of other employees |
| Time Clock | TC_VIEW_ALL_TIMECARDS | View timecards for all employees |
| Time Clock | TC_EDIT_TIMECARD | Edit timecard entries (add, modify, delete punches) |
| Time Clock | TC_APPROVE_TIMECARD | Approve submitted timecards for payroll |
Super Admins bypass all permission checks, so these codes only apply to the other four roles.
Reporting Hierarchy
The Reports To field on each employee's profile creates a management chain that drives approvals:
- When an employee submits a time-off request, it routes to the person listed in their Reports To field
- When a timecard is submitted for approval, the same Reports To person receives the notification
- Managers can only approve requests from employees who report directly to them
Set the Reports To field during employee onboarding under Employees > Add New or by editing the employee's profile later. If Reports To is not set, approval requests go to any Location Admin or Super Admin at that location.
Location-Based Security
Permissions are further scoped by location access. An employee can only interact with data at locations they are assigned to. Even a Location Admin cannot see or manage employees at a location they have not been granted access to. Location assignments are managed from the employee's Location Access tab.
Tips
- Principle of least privilege ÔÇö Assign the lowest role that gives the employee what they need. Most staff should use the Employee role.
- One Super Admin is enough ÔÇö Avoid assigning Super Admin broadly. Use Location Admin or Manager for delegation.
- Review roles periodically ÔÇö When employees change positions or responsibilities, review whether their role still fits.
- Set Reports To for every employee ÔÇö This ensures time-off and timecard approvals route correctly from day one.