Role-Based Access Control

Role-Based Access Control

What is Role-based Access Control?

Role-Based Access Control (RBAC) is a feature that restricts system access among its users. Each role is defined by sets of permission that grants access to authorized users. This ensures users can only access information and system components relevant to do their job in terms of managing employee records, attendance, and payroll. This feature protects sensitive information to be modified by users without the necessary access permissions.

User Role

A User Role determines permissions that enable a user to perform specific groups of tasks. In Salarium, there are two types of User Roles that can be assigned to users:

System-defined Role
User-defined Role
  1. Default roles with varying user-level system access
  2. Ready-to-assign user role with a default set of permission
  3. Cannot be edited or deleted
  1. Roles with customized system access restriction
  2. The defined set of permissions for each role is relevant to the user's specific job requirements
  3. Can be edited or deleted


Permission is the overlapping result of configured scope and action that defines a User Role. When creating custom roles, setting permissions are defined by configuring two aspects of control within a role:

Default Permissions under System-Defined Roles

The table below shows the list of system-defined user roles with default permissions. Each set of permission under each role enables and limits a user's access to certain pages in Salarium. These permissions cannot be edited nor deleted. User roles that do not display the same permissions as below fall under user-defined roles.

Defining Permissions when Creating a User-defined Role

Creating a user-defined role is defining a set of permission that authorizes a user to access the pages and information relevant to the job. To ensure a smooth process when creating a custom role, it is best to be guided with the following questions:

  1.  Role Name: Defining the Role Name says something about why a certain user should be created and for what purpose. Planning ahead and considering the necessity of creating the role helps streamline the scope and action the role should have.
  2. Company Scope: Selecting which companies that can be accessed by the role should be identified. 
  3. Other Scopes: Defining other scopes include allowing access to each company's Departments, Positions, Location, Payroll Group, and Teams.
  4. Actions: Defining a set of allowed function a role can perform within a specific scope

Create New User Role

Creating a new user role involves the setting of permission that defines a user’s system access.  A set of permission is a combination of scope and action. In which, scope refers to a part of the system a user can access, while action limits what can be done within a defined scope. 

To create a new custom role:
  1. From the Top Navigation, go to User Menu > Control Panel > Roles.

      2. Click on Create New Role.
      3. Enter desired Role Name.

      4. Select Company Scopes. Choose among the following options:
            aTick on All Companies to access all companies under the account.

            b. Click on the dropdown arrow to reveal options

            c. Enter the company name’s first few characters to trigger auto-suggestion.

      5. Select Other Scopes. Choose among the following options:
            a. Tick on the scopes to be included. This will include all selected scope under each company.
            b. Left-click on the Other Scopes to trigger auto-suggestions. Clicking on the area displays all scope items under each company. Select the item/s to include.
            c. Enter the first few characters of the items to be included to trigger auto-suggestion. Click on the item/s to include.

      6. Once done setting up the permissions under each portion, click on Save.
           Note: Repeat the same procedure with other portions.

      7.  Click on Create to finalize user role permissions.

Successfully added User Role will be displayed on the User Role list. User Roles that appear on the list are ready to be assigned upon adding a new user or updating an existing user role.

Edit User Role

To edit an existing user role:
  1. From the Top Navigation, go to User Menu > Control Panel > Roles.

      2.  Locate the User Role you would like to edit, then click on the Edit button. Use the search bar to easily locate the User Role. 

      3. Click on the Edit button next to the Permission you would like to edit. The permission setup expands.

      4. Edit the Company Scope, Other Scope, and Authorized Actions, then click on Save once done. The page redirects to the Edit User Role page.
      5. Once done updating the permissions, click on Update to save overall changes. These changes on permissions apply in real-time.

Delete User Role

To delete a user role:
  1. From the Top Navigation, go to User Menu > Control Panel > Roles.

      2.  Locate the User Role you would like to edit, then click on the Delete button. Use the search bar to easily locate the User Role. 

      3. A dialog box appears to confirm the action. Click on Yes to proceed with deleting the User Role.

Deleting a user role that is currently assigned to a user cannot be deleted.

Assign Role Upon Adding A New User

To assign a role upon adding a new user:
1. From the Top Navigation, go to the User Menu > Control Panel > Users.

2. Click on Add New User.

3. Select a User Role from the dropdown options.
4. Fill out the following fields:
  1. Last Name
  2. First Name
  3. Middle Name
  4. Email Address

5. Assign a Subscription License by ticking on the switch across.

6. Click on Submit to finalize assigning a user to the newly added user.

Change User Role of an Existing User

To change the user role of an existing user:
      1. From the Top Navigation, go to the User Menu > Control Panel > Users.

      2. Locate the user that you would like to update from the User List. Click on the View button next to the user's name.

       3.  Upon landing on the User Details page of the selected user, click on the Edit button found at the bottom of the page.

      4. Select the User Role you would like to switch to from the User Role dropdown options.

      5. Once the new role has been selected, click on Update.

  1. The user should be able to access pages and execute actions that define the user role on the next login.
  2. Advise the user to clear the cache under the browsing history to capture recent changes with the user role.