Concept overview

Concept deep dive

Access groups and permissions

Access groups define what different people can see and do. They protect sensitive data while giving admins, managers, payroll, clients, facilities, and workers enough access to complete their part of the workflow.

DefinitionHow it worksExampleRelated

Practical rule

Start with roles, then configure app visibility, workspaces, collection permissions, field permissions, mobile sections, and data filters.

Use this page when you need to decide:

what to configure, where the data lives, who should see it, and what the next operational action should be.

Operational visualization

Access groups decide who can see, change, and act.

Group
View
Create
Update
Delete
Owner
Allowed
Allowed
Allowed
Allowed
Scheduler
Allowed
Allowed
Allowed
Limited
Payroll
Allowed
Allowed
Limited
Limited
Facility
Allowed
Limited
Limited
Limited
Worker
Allowed
Limited
Limited
Limited

Permission matrix

Does each role see only the pages, records, fields, and actions they need?

Test every role as a real user before rollout.

Definition

The parts operators need to understand

This is the vocabulary to use when explaining the concept to a scheduler, payroll lead, client manager, or implementation owner.

1

Access Management

High-level access such as web app, mobile app, time clock, approval tools, and account settings.

2

Workspace access

Which sections and pages the group can see.

3

Collection permissions

Whether the group can view, create, edit, or delete records.

4

Schema permissions

Whether the group can view or update each field.

5

Data filters

Which records the group can access, such as only shifts at their location.

1

Common access groups

Most accounts use a small number of role-based groups, then tune them for the customer. Avoid building one-off permissions for every individual unless the business truly needs it.

Super Admin or Owner for full configuration access.
Manager or Scheduler for daily operations.
Payroll for timesheets, pay periods, adjustments, and exports.
Client or Facility Manager for scoped shift creation or review.
Employee or Worker for mobile app actions and self-service.
2

Layered permissions

Access groups should be configured in layers. First decide if the person can access the product area at all. Then decide which pages, records, fields, and actions they can use.

Access Management controls broad product access.
Workspace access controls visible pages.
Collection permissions control record-level actions.
Schema permissions control individual fields.
Data filters control the slice of records visible to the group.
3

Testing access

Permissions are only finished after testing from the user's perspective. A facility user, client user, and worker should each be tested using a real record scenario.

Create a test user in the target access group.
Confirm the left navigation only shows expected sections.
Open records from allowed and disallowed locations.
Try view, create, update, and delete actions.
Confirm hidden fields are actually hidden.

Example: Facility access group

How this shows up in a real Teambridge workflow

Use this as the implementation checklist: each step should produce a visible record, permission, view, or automation.

1

Create a Facility Access Group in Settings.

2

Turn on web access and turn off mobile/time clock access if not needed.

3

Make Schedule and Shifts visible, while keeping Team and Configuration hidden.

4

Filter data by the facility user's associated locations.

5

Give full access to allowed Shift fields and limited view access to Location and User fields.

6

Log in as a facility user and confirm they can only manage their location's shifts.