Users, User Levels & Supervisors

This guide covers three fundamental concepts in IceHrm: the relationship between Users and Employees, the different User Levels available, and how Supervisors work.

Understanding Users vs Employees

In IceHrm, Users and Employees are two separate entities that work together.

What is a User?

A User is a login account that allows someone to access IceHrm. Users have:

Username and password
Email address
A user level (determines permissions)

Key Point

Admin users do not require an associated employee record. However, all non-admin users (Managers, Employees) must be linked to an employee record.

What is an Employee?

An Employee is a personnel record containing HR information such as:

Personal details (name, date of birth, contact info)
Job information (title, department, salary)
Leave balances and attendance records
Qualifications and documents

Important

Simply adding an employee does not grant them system access. You must also create a corresponding user account for them to log in.

The Relationship

Regular staff member: Requires both a user account (for login) and an employee record (for HR data)
System administrator: Requires a user account, employee record is optional
Historical employee (no system access): Only requires an employee record, no user account needed

User Levels

IceHrm has six user levels that control what users can see and do in the system.

User Levels Overview

The Six User Levels

Admin: Full access to all IceHrm features. Best for HR Directors and System Administrators.
Manager: Can view and manage subordinates, approve requests. Best for Department Heads and Team Leaders.
Employee: Standard access to personal information and requests. Best for regular staff members.
Restricted Admin: Admin access limited to specific modules/permissions. Best for HR Assistants and Payroll Staff.
Restricted Manager: Manager access limited to assigned employees only. Best for Shift Supervisors and Assistant Managers.
Restricted Employee: Minimal access with explicit permissions only. Best for Contractors and Temporary Staff.

Admin vs Manager: Key Differences

Example — Leave Management:

Admin: Can view and manage leave requests for all employees across the organization
Manager: Can only view and approve leave requests for their subordinates

Restricted User Levels

Restricted user levels work the same as their standard counterparts but require explicit permission grants. Users with restricted levels receive no access by default — permissions must be assigned individually.

Use Case

Use restricted levels for external users like temporary recruitment managers who need specific access without broad system permissions.

Changing User Levels

To change a user's level:

Go to System > Users
Click on the user to edit
Change the User Level dropdown
Click Save

Modifying User Levels

Entity-Level Permissions

For fine-grained control, IceHrm supports four types of entity permissions:

List: View collections of records
Get: View individual records
Add/Edit: Create or modify records
Delete: Remove records

These permissions can be configured per user or user level in System > Permissions.

Supervisors

Supervisory relationships determine who can approve requests and view team data.

Direct Supervisors

Any employee can be assigned as the supervisor of another employee. Supervisors can:

View their subordinates via the Employees menu
Approve leave requests, timesheets, and expenses
Access team reports and data

Requirement

To view subordinates in the Employees menu, the supervisor must have Admin or Manager user level.

Assigning a Supervisor

Go to Employees > Employees
Click Edit on the employee record
Select the supervisor in the Supervisor field
Click Save

Indirect Supervisors

An employee can have multiple Indirect Supervisors in addition to their direct supervisor.

Purpose: Indirect supervisors are used in approval workflows — for example, as secondary approvers for leave requests.

Setting Up Indirect Supervisors

Go to Employees > Employees
Edit the employee record
Add indirect supervisors in the Indirect Supervisors field
Click Save

Configuring Leave Approval with Indirect Supervisors

To enable indirect supervisor approval for leave requests:

Go to System > Settings > Leave
Configure the approval workflow to include indirect supervisors
Save your settings

Quick Reference

Creating a New User with Employee Access

Create the employee record at Employees > Employees
Create the user account at System > Users
Link them together by selecting the employee in the user form
Set the user level to Employee (or Manager if they manage others)
Save — login credentials are sent automatically via email

Checklist for Proper Setup

Employee record created with unique Employee ID
User account created with valid email
User linked to the correct employee
Appropriate user level assigned
Supervisor assigned (if applicable)
Indirect supervisors configured (if needed for approvals)

Understanding Users vs Employees​

What is a User?​

What is an Employee?​

The Relationship​

User Levels​

The Six User Levels​

Admin vs Manager: Key Differences​

Restricted User Levels​

Changing User Levels​

Entity-Level Permissions​

Supervisors​

Direct Supervisors​

Assigning a Supervisor​

Indirect Supervisors​

Setting Up Indirect Supervisors​

Configuring Leave Approval with Indirect Supervisors​

Quick Reference​

Creating a New User with Employee Access​

Checklist for Proper Setup​