How to: Add a Staff Member and Configure Permissions
Modules involved: HR & Workforce → Staff · HR & Workforce → Roles
Who uses it: IT admin, HR admin
Time required: ~5 minutes per person
Overview
Every person who logs into the platform needs a Staff account. Access is controlled through Roles — a role bundles a set of module-level permissions (view, create, edit, delete) that is then assigned to staff members. Assigning a role is faster and more auditable than setting permissions per person.
Create your roles first (Step 1), then add staff (Step 2). Starting with staff and setting permissions individually is harder to maintain — a role change later requires editing every person instead of one role definition.
Step-by-step
1. Verify or create the right role
Navigate to HR & Workforce → Roles. Check whether a role matching the new person's job function already exists (e.g. "Sales Agent", "Finance Viewer", "Warehouse Operator").
If no suitable role exists, click Add Role:
- Give the role a clear name (e.g. "Sales — Full Access" or "Finance — Read Only")
- Go through each module section and set the permission level: None, View, Create, Edit, or Delete
- Save the role
Permission levels are cumulative downward: Edit includes Create and View; Delete includes everything. "None" hides the module from the sidebar entirely.
2. Add the staff member
Navigate to HR & Workforce → Staff → Add Staff.
Fill in:
- First name, last name — used in activity logs and documents
- Email — this becomes the login username; must be unique
- Department — for reporting and notification routing
- Role — select the role from Step 1
Optional fields:
- Phone, address (for HR profile)
- Profile picture
- Hourly cost (for project margin calculations)
3. Send the invitation
Click Save (or Save & Invite). The platform sends an activation email to the address provided. The staff member must click the link in the email to set their password and activate the account.
The activation link expires after 48 hours. If the new employee misses it, go to their Staff record and use Resend Invitation — do not create a duplicate account.
4. Verify access
Ask the new staff member to log in and confirm they can see the correct modules and cannot access restricted ones. If something is wrong, check:
- The role assigned matches what you intended
- The role's permissions for the flagged module are set correctly
- There are no department-level restrictions overriding the role
5. Set custom field-level permissions
If the role requires hiding specific fields (e.g. cost price from sales reps, salary data from non-HR), navigate to Settings → Custom Fields or the relevant module's permission settings and configure field-level visibility per role.
6. Offboarding — disable instead of delete
When a staff member leaves, go to their record and toggle Active to Off. This:
- Immediately revokes login access
- Preserves all their activity history, assigned tasks, and audit trail entries
- Keeps their name visible on historical documents
Deleting a staff account permanently removes them from audit logs. Only delete test or duplicate accounts — never real users.
Result
The new team member has a working account with exactly the access their role requires, confirmed with a test login. Future access changes are made by editing the role — one change propagates to everyone assigned to it.
Use role templates rather than configuring permissions individually for each new staff member — assigning a pre-configured role takes seconds and ensures consistent permission sets across staff in the same position without permission drift over time.
Deactivate departing staff accounts immediately on the last day of employment — do not delete them. Deletion removes the staff member from all historical records (approved documents, resolved tickets, completed tasks) that reference their account, corrupting audit trails permanently.