Skip to main content

Custom User Permissions

Advanced Topic

This is an advanced topic. If you're new to IceHrm, you may skip this section and return later when needed.

IceHrm allows you to create custom user roles with specific permissions. This is useful when you need to grant users access to only certain modules or restrict access to sensitive areas.

Understanding User Roles

User roles define what a user can access in IceHrm. You can:

  • Grant access to specific modules (e.g., only recruitment)
  • Deny access to specific modules (e.g., hide training)
  • Control permissions at the entity level (List, Get, Add/Edit, Delete)
Restricted User LevelUse Case
Restricted AdminAdmin with limited module access
Restricted ManagerManager for specific functions (e.g., recruitment only)
Restricted EmployeeEmployee with minimal access (e.g., attendance only)

Example 1: Restricted Recruitment Manager

Create a manager who can only access recruitment-related modules.

Step 1: Create the User Role

  1. Go to System > Users

  2. Click the User Role tab

  3. Click Add New

  4. Name it "Recruitment Manager"

  5. Configure permissions — select List, Get, Add/Edit, and Delete for:

    • Candidates
    • Interviews
    • Applications

Create User Role

  1. Click Save

Step 2: Assign Modules to the Role

  1. Go to System > Manage Modules

  2. Click the Modules tab

  3. Search for recruitment-related modules (e.g., "Recruitment", "Candidates")

  4. Click Edit on each module

  5. Add the "Recruitment Manager" role to the allowed roles

Assign Module

  1. Save changes for each module

Step 3: Assign the Role to a User

  1. Go to System > Users

  2. Click the User tab

  3. Find the user and click Edit

  4. Set User Level to Restricted Manager

  5. Add the "Recruitment Manager" user role

  6. Set a Default Module (required for the dashboard to work)

Assign Role to User

  1. Click Save
Result

When this user logs in, they will only see recruitment-related modules.

Example 2: Restricted Employee (Attendance Only)

Create an employee account that can only mark attendance — useful for sales staff or field workers.

Step 1: Create the User Role

  1. Go to System > Users

  2. Click the User Role tab

  3. Click Add New

  4. Name it "Sales Person" (or appropriate name)

  5. Configure minimal permissions for attendance entities

  6. Click Save

Step 2: Assign the Attendance Module

  1. Go to System > Manage Modules

  2. Click the Modules tab

  3. Search for "Attendance"

  4. Click Edit

  5. Add the "Sales Person" role

  6. Save changes

Step 3: Create the Restricted Employee Account

  1. Go to System > Users

  2. Click the User tab

  3. Click Add New (or edit existing user)

  4. Set User Level to Restricted Employee

  5. Add the "Sales Person" user role

  6. Set a Default Module (e.g., Attendance)

  7. Click Save

Restricted Employee View

Result

When this user logs in, they only see the Attendance module.

Example 3: Denying Access to a Module

Hide a specific module from certain users — for example, hiding the Training module.

Step 1: Create a User Role

  1. Go to System > Users

  2. Click the User Role tab

  3. Click Add New

  4. Name it descriptively (e.g., "No Training Access")

  5. Click Save

Create Deny Role

Step 2: Add Role to Module's Disallowed List

  1. Go to System > Manage Modules

  2. Click the Modules tab

  3. Search for the module to hide (e.g., "Training")

  4. Click Edit

  5. Find "Disallowed User Roles"

  6. Add the user role you created

Disallow Module

  1. Save changes

Step 3: Assign the Role to Users

  1. Go to System > Users

  2. Click the User tab

  3. Find the user and click Edit

  4. Keep their User Level as Employee (or appropriate level)

  5. Add the "No Training Access" user role

Assign Deny Role

  1. Click Save

Verification

When the user logs in, the Training module will not appear in their menu.

Module Hidden

Quick Reference

Granting Access to Modules

StepAction
1Create a user role with required permissions
2Add the role to target modules in Manage Modules
3Assign the role to user with Restricted user level

Denying Access to Modules

StepAction
1Create a user role (no special permissions needed)
2Add the role to Disallowed User Roles in the module
3Assign the role to the user

Important Notes

Default Module Required

When using restricted user levels, you must set a Default Module. Without it, the user's dashboard will not display correctly.

Best Practices
  • Name roles clearly — Use descriptive names like "Recruitment Manager" or "No Training Access"
  • Test before deploying — Log in as the user to verify they see only the intended modules
  • Document your roles — Keep a record of what each custom role is designed for