Available for the following plans: Lite, Plus, Unlimited HR, Essentials, Engage, Elite, Unlimited HR+Payroll,
Available for the following HR plans: Standard, Premium, Platinum
Available for the following user access level: Admin
Employment Hero provides a highly flexible Permissions feature designed to give you precise control over who sees what across your platform. This powerful capability ensures that your team members have exactly the tools they need to perform their duties—and nothing they do not. Protecting sensitive employee information is not just a preference, it is a major priority. However, becoming a data bottleneck because you are the only one with administrator login rights is exhausting.
With Permissions, you can build a platform that is both secure and scalable, allowing you to delegate operational controls without exposing sensitive records.
This article explains the following:
- Why use Permissions?
- Quick Launch Video
- Getting started with Permissions
- Pro tips to maximise value
- Related features
Why use Permissions?
Balance security with scalability
Protect your most sensitive organisational records while delegating everyday tasks. You can grant access to the exact tools team members need to manage their workflows without making them full platform administrators.
Eliminate administrative bottlenecks
Stop being the sole gatekeeper for templates, onboarding setups, or review cycles. Distributing granular feature permissions empowers trusted process owners to act independently and efficiently.
Highly customised data visibility
Ensure data boundaries match your organisational structure. Restrict or open up visibility based on locations, reporting lines, or specific groups, and easily carve out exclusions for sensitive cohorts like your leadership team.
Quick Launch Video
Getting started with Permissions
Step 1: Create a new custom security group
To begin tailoring access, you must go to your centralised platform settings to establish a new permission group. This is where you lay the operational framework for who the security group applies to.
Guides:
- Grant feature access to employees through Permission settings
- Available features in custom permission settings
Helpful Hint
Navigate to Settings, and under the Security & Access Control section, click Permissions. Here you can see all your existing groups, or click Add Permission to build a new one. You can use a pre-built template (like "Recruitment Manager") or click to configure your own from scratch.
Step 2: Define your data access scope and exclusions
Once your group is named, you will decide exactly whose data this group can interact with. Employment Hero provides granular control over employee boundaries, contractor files, and special leadership exclusions.
Guides:
- Grant feature access to employees through Permission settings
- Available features in custom permission settings
- Platform feature access and user visibility for contractors
Important
You can grant data access to all employees, reporting employees, or specific locations. If you are on an Elite, Unlimited, or Classic Platinum tier, you can also target specific groups or worksites.
Use the Exclusions dropdown to block visibility to specific high-level users (for example, keeping leadership data private). Alternatively, select No Employee Access if you are building a group purely for feature configuration.
Step 3: Configure module and feature permission levels
With your audience scope locked in, you will now determine what actions the group can take. Platform permissions are clearly divided between module-level controls and functional checkboxes.
Guide: Grant feature access to employees through Permission settings
Helpful Hint
Employee-related permissions are grouped by module. You can check individual boxes for View, Modify, Delete, and Use (greyed-out boxes indicate actions that are not applicable).
Step 4: Map general admin and settings permissions
The final phase involves giving non-admin employees access to back-end settings and tools that are usually restricted to full platform admins. This is perfect for dedicated departmental specialists.
Guides:
Important
Use General Permissions to assign administrative capability for specialised business functions. For example, you can grant a Talent Acquisition Manager access to Recruitment Settings, or empower trainers via Certification Settings and Template Management (for document creation) without ever making them a global platform admin.
Pro tips to maximise value
- Leverage the power of exclusions - Keep sensitive files completely private. Even if you give a regional coordinator access to "All Employees" in their location, you can use the Exclusions dropdown to instantly hide your local leadership team.
- Go granular on top tiers - If your plan supports it (Elite/Unlimited/Platinum), do not compromise by giving all-or-nothing access. Granular controls let you allow someone to edit basic employee file fields without automatically exposing complex payroll or compliance items.
- Isolate functional feature access - Use the "No Employee Access" toggle if an employee only needs to build templates or configure backend workflows. This completely separates what features they can use from what data they can see, reducing data security risks.
- Build roles for team specialists - Delegate with confidence by matching platform access to real-world jobs. Give your L&D leader "Learning Administrator" permissions and your recruiters "Recruitment Settings" access so they can manage their own work independently.
Related features
Once you have your Permissions running smoothly, explore these features to build an even stronger, more secure, and decentralised HR function:
- Workflow management - Empower process owners to safely design, publish, and maintain automated operational pathways (such as onboarding or provisioning) without needing full admin rights.
- Employee file approvals - Set up approval processes to ensure that any changes made by employees or managers to sensitive personal details must be reviewed and approved before updating the platform.
- Report building - Grant employees or managers the specific permissions required to build, run, and view tailored reports for their teams while keeping broader company data protected.