ClayHR offers a highly granular, configurable, and scalable permissions framework that allows organizations to control exactly who can see, edit, approve, and act on information across the platform. Every organization can create infinite combinations of visibility and access rules—ensuring both security and flexibility, regardless of organizational size or complexity.

ClayHR permissions operate on multiple layers that work together. These are also the layers we recommend setting up the permissions:

• Step 1. Permission Matrix (module-level permissions)
• Step 2. User Groups (broad access control, role-based setups)
• Step 3. Custom-Field-Level Permissions (fine-grained visibility)
• Step 4. Menu Level Access
• Step 5. (Optional) Approval-Flow-Based Permissions (contextual permissions triggered by workflow steps)
• Step 6. (Optional) Report-Level Permissions (visibility and access for specific data outputs)
• Step 7. (Optional) Additional Object-Level Controls (positions, requisitions, compensation items, etc.)

This multi-layered approach gives administrators the ability to configure access globally, by role, by group, by workflow, or all the way down to individual fields or reports.

1. Granularity: From Broad Access to Field-Level Precision

ClayHR’s permissions framework allows you to define access at different depths:

• System-level access through User Groups
• Module- or feature-level access through the Permission Matrix
• Object-level access such as positions, reports, or compensation tools
• Field-level access for sensitive or restricted information
• Workflow-level access based on who participates in an approval step

This granularity ensures that administrators can protect confidential data (e.g., salary information, performance notes) while empowering users with the exact access they need.

2. Configurability: Combine Multiple Permission Layers

Rather than limiting access to one dimension (e.g., "role-based only"), ClayHR enables combinatorial configurations. A user’s final permissions result from the sum of rules coming from:

• Their assigned User Groups
• Any overrides in the Permission Matrix
• Field-level configuration on Custom Fields
• Access provided during approval stages
• Permissions assigned at the report level
• Any object-specific restrictions

This allows HR teams to model real-world organizational structures with complex reporting lines, layered security needs, or mixed responsibilities across teams.

3. Scalability: Build Once, Apply Everywhere

The permissions framework is designed for scaling across large organizations:

• Define reusable User Groups that automatically apply to all assigned users.
• Manage high-level access via the Permission Matrix without customizing each individual user.
• Apply Custom Field permissions globally to ensure consistent data protection.
• Use approval flows to grant temporary or contextual access (e.g., approvers can view only what they need).
• Control access to reports so large sets of dashboards remain secure and relevant.

Whether your organization has 50, 500, or 50,000 users, permissions can be deployed efficiently without repetitive configuration.

4. Infinite Combinations: Model Any Organizational Requirement

Because each permission layer can be combined with others, ClayHR supports:

• Multi-layer reporting structures
• Cross-functional matrix organizations
• Confidential review processes
• Restricted compensation visibility
• Role-specific or region-specific access
• Temporary access based on workflows
• Highly controlled audit and compliance environments

Administrators can create exactly the permission model they need, no matter how simple or complex.

5. Overview of the Core Permission Components

Below is a simple schematic overview of the main components of the permissions framework. Each will be expanded in its own dedicated article:

User Groups: Define broad sets of permissions for groups of users, usually aligned with job roles (e.g., HR Admins, Finance, Managers, Employees).

Permission Matrix: Controls what each User Group can view, create, edit, delete, or approve at the module level.

Permissions on Custom Fields: Allows field-by-field visibility and editability rules—ideal for confidential or specialized data.

Approval Workflows: Grant contextual access only while a user is involved in a specific approval stage (e.g., performance review, time off approval, compensation cycle).

Report-level Permissions: Control who can access specific dashboards, analytics, or exported datasets.

Other object-Level Permissions: Set visibility or editing rules on specific records such as positions, requisitions, or compensation cycles.

Summary

The ClayHR Permissions Framework is:

• Granular — control access from modules down to individual fields
• Configurable — combine multiple layers for precise results
• Scalable — manage permissions efficiently across large organizations
• Flexible — create infinite combinations to match any structure or policy

This introductory article serves as a high-level overview. Each section will link to detailed, step-by-step articles explaining how to configure every permission layer within ClayHR.

‍