The User Roles section allows the Global Admin to create custom roles with configurable permissions, manage employee data across modules, and control organizational workflows. Roles can also be assigned by region.
Default roles (ESS, Supervisor, and Global Admin) cannot be edited. Custom roles can be created via the Add User Role page.
Administrators can set permissions and access levels to define:
What Global / Default Admin can do: has access to all the modules in the system and can view/access all employee information within the system, working in multiple locations/regions of the organization (Regional access configuration is available only in the OrangeHRM Enterprise system)
What supervisors can view or do: Configure visibility and action rights for supervisory roles, such as accessing team reports, approving leave requests, or managing subordinate information
What employees can view or do: Define the level of access for regular employees, including viewing personal information, submitting requests, or updating their own profiles
Custom role creation: Design new user roles with specific permission sets to accommodate unique organizational requirements
By customizing user roles and permissions, administrators ensure that each user has the appropriate level of access to perform their job functions while maintaining data security and operational control.
How to Add a User Role
Step 1 - To add a new user role, click on the Add user role button.
Note - Data Group Permissions for Default ESS and Default Supervisor roles can be modified by the Global Admin if required. However, Workflow Permissions for default user roles are not editable.
In addition to the default roles, organizations can create custom user roles to suit their requirements. For guidance on role relationships, refer to How to Add/Remove Supervisors and Subordinates.
Once clicked, the following screen will appear.
Step 2 - Complete all the required fields.
Step 3 - Once you complete all the required fields, click on the "Save" button.
Refer to the table below for assistance in completing the above fields.
| Section | Field/Option | Description |
| Type | Select the user role type from the available options in the dropdown menu. | |
| User Role Name | User Role Name * | Enter a unique name for the custom user role. This field is required. |
Employee Actions
| Permission | Description |
| ☐ Add Employee | Grant permission to add new employees to the system |
| ☐ Terminate Employment | Grant permission to terminate employee records |
Workflow Management
Select the workflow management options the user should be privileged to. Workflow management refers to the admin privileges related to actions in the system.
Ex: As a standard practice, A supervisor has to approve a requested leave. However, an admin user with ‘Leave workflow’ access privilege may also approve the said request as well.
| Permission | Description |
| ☐ Asset | Grant permission to manage asset-related workflows |
| ☐ Survey Campaigns | Grant permission to manage survey campaigns |
Data Group Permissions
Select Data Group Permissions. Click each category to expand. You can decide the level of permission.
For each module, administrators can set permissions by selecting the appropriate checkboxes.
The available permissions include
Read: Grant users the ability to view records
Update: Grant users the ability to modify existing records
Create: Grant users the ability to add new records
Delete: Grant users the ability to remove records
This permission structure allows administrators to precisely control what actions users can perform within each module. It will vary according to the modules