Authorization system

Here we explain how the permissions system works in StampLab.

Role-based authorization system

StampLab includes a role-based authorization system. This means that the assignment of permissions to certain users is done by assigning roles (How do I change the roles of an employee?).

In addition to the roles created by yourself, we also create two roles for you, with special permissions. These roles cannot be deleted by you.

1. owner

The user who creates the workstation is entered as the owner of the workstation. He is fully authorized to manage the workstation.

Only the owner of a workstation is authorized to delete the workstation or edit the subscription. The owner shares all other permissions with the manager role of the workstation.

2. manager (role)

Users with the Manager role are granted the following permissions:

  • all permissions of the Time Bookkeeper role.
  • Manage work schedules (create, delete, publish, assign employees, accept shift application, delete shift application)
  • Manage employees (invite, delete, adjust hourly account and hourly wage)
  • Manage surveys
  • Manage roles (create, assign employee roles, delete, edit)
  • Manage shifts (for example, early shift) (create, delete, edit)

3. time keeper (role)

Users with the Time Bookkeeper role are granted the following permissions:

  • View and export working times of all employees
  • Change or delete working times if necessary
  • Display the live overview of the currently working employees of the workplace

4. employees

Regular employees who hold roles you create yourself have access only to information in their roles. This means the following:

  • In the work schedule, they will only see shifts that match their roles
  • They see only accepted shift applications of other employees
  • They only have access to their own entered times
  • They can basically not perform administrative operations