Roles, permissions & approvals
Two ideas power every module in Hubtoll: permissions decide who can do what, and approval workflows decide how requests get signed off. Learn them once, and every module makes sense.
Permissions & roles
A permission is a single capability — "can manage leave", "can approve exits", "can view budgets". You give each person a set of permissions, and Hubtoll checks them on every action. A role is just a saved bundle of permissions you can reuse, so you don't hand-pick them one by one for every new hire.
The person who creates your company starts with full access. From there, you decide exactly how much each colleague can see and do.
Kinds of permission
Most modules offer the same consistent family of permissions, so once you recognise the pattern you can read any of them at a glance:
| Kind | What it lets someone do |
|---|---|
| Editor | Create, update and delete within that module. |
| Read-only | View, but not change. |
| Initiator | Start or submit a request (for example, raise a budget or an exit). |
| Workflow approver | Act on approvals in that module. |
| Workflow editor | Configure that module's approval workflows. |
| Settings editor | Manage a module's setup data (like leave categories). |
Some modules split further by area — for example, Employee records has separate permissions for staff records, office locations and departments.
Self-service is open by design. Everyday personal actions — filing your own leave, logging your own time, updating your own record — don't need a special permission. Any member of your company can do them.
Company-wide roles
A few broad grants save you from assigning module permissions one at a time:
| Role | Grants |
|---|---|
| SUPER_ADMIN | Full access to everything in the company. |
| CORPORATE_READONLY | View access across every module (never changes). |
| CORPORATE_INITIATOR | Can start any kind of request, in any module. |
| CORPORATE_WORKFLOW_EDIT | Can configure the approval workflows of any module. |
Granting access
To manage who can do what:
- Open your list of corporate users (the all-users admin screen).
- Choose a person and open their permissions.
- Permissions are grouped for you — Top-level, Corporate management, Human resources (employee, leave, budget, exit, onboarding, recruitment, timesheet, learning, appraisal, forms, subscription) and Document management — so you can find what you need quickly.
- Tick the capabilities they should have and save.
To reuse a common set — say "Department manager" or "HR officer" — save it as a named role and apply it to future people in one click.
People only see the screens their permissions allow. A menu item someone can't use simply doesn't appear for them.
Approval workflows
An approval workflow is an ordered chain of steps that a request travels through before it's finalised. You build one per module (leave, budgets, exits, appraisals, onboarding, recruitment, timesheets, employee records and more), and each step names who must approve.
Workflows are how Hubtoll matches your real chain of command — whether that's a single manager sign-off or a multi-level review. A workflow can also be set to no approval required, in which case requests are accepted automatically.
Set up your workflow first. A module needs an active workflow before anyone can submit into it. If none exists, submitting shows a message asking an admin to create and enable one.
Choosing approvers for a step
Each step in a workflow points at an approver by category, so the right person is found automatically for every request — no need to hard-wire specific names everywhere:
| Approver category | Who approves |
|---|---|
| Initiator of the request | The person who raised it (used to route a request back to the submitter — for example, to confirm changes). |
| Line manager of the initiator | The submitter's direct line manager (found automatically from their record). |
| Selected user | One specific employee you name. |
| Head of a group | The head of a chosen department/team. |
| Sub-head of a group | The deputy of a chosen department/team. |
| Any user in a group | Anyone in the chosen group may pick it up and approve. |
"Group" means a department/classification. Leave has one extra option — the leave reliever covering for the person who's away.
Building a workflow
Every module has a Business process management (BPM) screen in its settings. There you:
- Choose the workflow type — for new requests (Create) or for edits to already-approved records (Update).
- Choose whether approval is required. If not, requests are auto-approved and no steps are needed.
- Decide whether the submitter can edit the record before approval starts.
- Add your steps in order. The first step is the initiator (raising the request completes it), so your real approvers begin at step two.
- Pick the send-back behaviour (below), then switch the workflow active.
Configuring workflows requires the workflow-editor permission (or a company-wide admin role).
Approve, reject, redirect
When a request reaches an approver, they have three choices:
- Approve — the request moves to the next step. When the final step approves, the request is fully approved.
- Reject — the request is declined and stops there.
- Redirect — send the request back to an earlier step. Choosing "request changes from the initiator" sends it back to the submitter to edit and resubmit; choosing another step sends it to that approver.
Approving a middle step doesn't finalise anything — the request simply advances. It's only complete when the last step signs off.
Send-back behaviour
When a redirected request is approved again, where does it go next? That's the redirect-back-to-sender setting on the workflow:
- On — after the fix is approved, it goes straight back to the person who asked for the change.
- Off — normal forward flow resumes from the next step in sequence.
This lets you choose between "come back to me once you've fixed it" and "carry on down the chain".
Approving edits after the fact
Sometimes a record needs to change after it's already been approved. If you want those edits to be reviewed too, configure a separate Update workflow for that module. Then, editing an approved record opens a fresh approval using the Update workflow — the original stays intact until the change is signed off. If you don't set up an Update workflow, approved records simply stay locked. This mirrors how leave handles a change to already-approved time off.
Where approvals appear
When a request needs someone's attention, Hubtoll notifies the right approver in-app and by email, with a link straight to the approval screen. Each module has its own approval view where approvers act and can see the full decision history — who approved, who sent it back, and when.
Good to know
- One active workflow per type, per module. Turning a new one on automatically turns off the previous active one of the same type — so there's never any ambiguity about which chain is in force.
- A workflow that requires approval must have at least one step.
- Some modules add their own time limits on top (like a deadline window) — those are enforced in addition to the approval chain.
- Workflow setup is scoped: an appraisal administrator, for example, configures appraisal workflows only.
Reach the Hubtoll team on WhatsApp or email cloud@digitalvortextech.org. We usually reply within a few hours (Mon–Fri, 8:00–19:00 GMT).