ClayHR Explores the Human Side of AI in Hiring — Discover, Debate & Learn. Register Now
Unlock valuable insights – Register for our upcoming webinars now!

Understanding the Permission Matrix

The Permission Matrix is one of the foundational components of ClayHR’s Permissions Framework. It provides a centralized, scalable method for defining what different users can view, create, edit, delete, or approve across all modules in the system.

IN THIS ARTICLE:

  1. How the Permission Matrix is Structured
  2. What are User Groups?
  3. How to Setup User Groups
  4. Advanced Settings in Permission Matrix Cells
  5. Why Advanced Permissions Settings Matter
  6. How the Permission Matrix fits into the Permission Framework

1. How the Matrix Is Structured

  • Rows represent individual permissions, typically defined as View or Edit actions for a given module or feature.
  • Columns represent User Groups.
  • Each cell indicates whether a permission is enabled or disabled for that User Group.
  • The same permission can be enabled for multiple User Groups, depending on organizational needs.

2. What Are User Groups?

User Groups are configurable collections of users used to assign permissions efficiently and consistently.

  • Organizations can create any number of User Groups, aligned with roles (e.g., HR Admins, Recruiters, Managers), locations, business units, or any strategic access structure.
  • Any User can belong to any User Group, and users can belong to multiple User Groups simultaneously.
  • A User’s final access in ClayHR is calculated as the sum of all permissions granted by the User Groups they belong to.
    • If any User Group grants a permission, the User receives it.
  • This structure allows organizations to manage permissions at scale, with flexible, layered access that adapts to complex organizational needs.

Default User Groups

ClayHR provides two default User Groups that serve as the foundation of your permission structure:

  • Site Admins → have all permissions enabled by default.
  • Everyone → includes all users automatically and has all permissions disabled by default.

In addition, the system provides several sample User Groups (e.g., HR Admins, Managers, Recruiters) that come with commonly used permissions already enabled to help organizations get started quickly.

3. How to Setup User Groups

Instructions on How to Setup the User Groups

4. Advanced Settings in Permission Matrix Cells

Some cells in the Permission Matrix offer more than a simple enable/disable permission. These cells include Advanced Settings, which allow administrators to enable a permission with scoped restrictions based on organizational boundaries. This provides highly flexible, context-aware control over what users can view or edit.

What Advanced Settings Allow You to Control

When a permission supports Advanced Settings, you may enable it with restrictions based on:

  1. The User’s Own Attributes
    • Own Org Unit – the user can view or act only on people within their Org Unit.
    • Own Location – the user can view or act only on people located in their assigned location.
    • Own Reporting Line – the user can view or act only on people in their reporting hierarchy (direct + indirect reports).
  2. Specific Org Units or Specific Locations
    Advanced Settings also allow permissions to be limited to particular Org Units or Locations, regardless of where the user belongs.
    • For example: If the Directory View permission is restricted to the HR Org Unit, any user in that User Group will only see people in HR, even if they themselves belong to a different Org Unit.

This dual approach provides unmatched precision—permissions can be tied to who the user is, or to the groups they are allowed to access.

Example 1: Limiting by the User’s Own Org Unit

If the Directory View permission is enabled for a User Group but restricted to Own Org Unit:

  • Users will see only the directory entries of people who share their Org Unit.
  • People in other Org Units will not appear at all.
Example 2: Limiting to a Specific Org Unit (e.g., HR)

If Directory View is restricted to the HR Org Unit:

  • Any user in that User Group—regardless of their own Org Unit—will see only employees in HR.
  • This creates controlled visibility into designated departments.

5. Why Advanced Permissions Settings Matter

These nuanced permission controls allow organizations to:

  • Protect sensitive data across divisions or regions
  • Grant managers visibility appropriate to their scope
  • Provide cross-functional teams with access to limited, predefined units
  • Support complex structures such as matrix organizations
  • Enforce strict governance and compliance rules

Advanced Settings turn permissions from simple on/off switches into precision tools for modeling real organizational access logic.

6. How the Permission Matrix Fits Into ClayHR’s Permission Framework

The Permission Matrix acts as the primary access layer, defining broad capabilities across modules. It works in combination with other layers of security, such as:

  • Custom Field–level permissions (for sensitive data)
  • Approval-flow–based permissions (temporary access during workflow steps)
  • Report-level permissions (restricting access to analytics and exports)
  • Object-level access controls (e.g., positions, compensation cycles, requisitions)

Final user access always reflects the combined result of these layers, with the Permission Matrix serving as the foundational baseline.

Register for Upcoming Webinars

Check the webinar series