Roles & Permissions
Luna HR uses role-based access control to determine what each employee can see and do. Every employee is assigned a role, and each role has a set of permissions.
How it works
Roles
A role is a named set of permissions — for example, "Employee", "Manager", or "HR Admin". Each employee has exactly one role, which controls their access across all modules.
Roles are not the same as job titles — an employee might have the job title "Senior Developer" but the Luna HR role "Manager" (because they manage a team).
Permissions
Permissions are specific capabilities. Luna HR uses permission strings like:
| Permission | What it allows |
|-----------|---------------|
| leave:approve | Approve or decline leave requests |
| expenses:approve | Approve expense reports |
| training:approve | Approve training requests |
| assets:manage | Check in/out assets, add new assets |
| admin | Full access to all admin settings |
A role can have any combination of permissions. For example, a "Team Lead" role might have leave:approve and expenses:approve but not admin.
Common role setups
| Role | Permissions | Who it's for |
|------|------------|-------------|
| Employee | (none) | Standard employees — can view their own data and submit requests |
| Manager | leave:approve, expenses:approve, training:approve | People managers who approve requests for their team |
| HR Admin | admin | HR staff who need full access to configuration and employee management |
| Finance | expenses:approve, assets:manage | Finance team members who authorise expenses and manage assets |
Setting up roles
- Go to Admin > Org Structure
- Navigate to the Roles section
- Click Add Role
- Give the role a name and select the permissions it should have
- Assign the role to employees via their employee profile
Important notes
- Permissions are additive: a role grants capabilities and never restricts default access
- Every employee can view their own data, submit leave requests, and submit expense reports — regardless of role
- Structural roles are separate — the role you assign to a node membership (member, manager, lead) is different from the Luna HR permission role. Structural roles determine approval routing; permission roles determine what features are accessible
- The admin permission grants access to all admin pages and settings. Use it sparingly
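The role model above can be checked mechanically during an access review. The following is an added example, not Luna HR's own code: it applies the additive rule and reports who holds admin, which roles carry unrecognised permission strings, and which employees point at a role that does not exist. It assumes the data layout, the function names, the baseline action labels and the sample employees, and it treats admin as a single permission string without assuming it implies the approval permissions.

```python
# Added example: an access review over the role model described on this page.
# Not Luna HR code; data layout, names and BASELINE labels are assumptions.
KNOWN_PERMISSIONS = {"leave:approve", "expenses:approve", "training:approve",
                     "assets:manage", "admin"}
# Hypothetical labels for what every employee can do regardless of role.
BASELINE = {"self:view", "leave:submit", "expenses:submit"}

ROLES = {  # first four rows are the page's common setups
    "Employee": set(),
    "Manager": {"leave:approve", "expenses:approve", "training:approve"},
    "HR Admin": {"admin"},
    "Finance": {"expenses:approve", "assets:manage"},
    "Team Lead": {"leave:approve", "expenses:aprove"},  # constructed typo
}
ASSIGNMENTS = {  # constructed: employee -> exactly one role
    "alice": "Employee", "bob": "Manager", "carol": "HR Admin",
    "dave": "Finance", "erin": "Team Lead",
    "frank": "Contractor",  # constructed: role that was never defined
}

def is_allowed(employee, action, roles=ROLES, assignments=ASSIGNMENTS):
    """Additive check: baseline for every employee, anything else only if the
    employee's single role grants it. Unknown roles grant nothing extra."""
    if employee not in assignments:
        return False
    if action in BASELINE:
        return True
    return action in roles.get(assignments[employee], set())

def review(roles=ROLES, assignments=ASSIGNMENTS):
    """Findings a reviewer would want from a role export."""
    admin_roles = {r for r, perms in roles.items() if "admin" in perms}
    return {
        "admin_holders": sorted(e for e, r in assignments.items() if r in admin_roles),
        "unknown_permissions": sorted(
            (r, p) for r, perms in roles.items() for p in perms - KNOWN_PERMISSIONS),
        "undefined_roles": sorted(e for e, r in assignments.items() if r not in roles),
    }

if __name__ == "__main__":
    for finding, items in review().items():
        print(finding, items)
```

Because permissions are additive, a misspelled permission string fails closed: the constructed "Team Lead" role silently lacks expenses:approve, which the review surfaces as an unknown permission.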
Related
- Company Structure — structural roles at org nodes
- Approvals — how permissions affect approval routing