Roles & Permissions
The access-control layer that decides who can see, edit, approve, and delete anything in your company's vimigo account.
What is it?
Before anyone can do anything in vimigo - view a leave application, approve a goal, change a commission setting - the system checks two things:
- What role does this person have? (e.g. "Manager", "HR Admin", "Staff")
- Does that role have the required permission? (e.g. "Approve Pending Leaves", "View Diamond Dashboard")
Every company starts with four default roles - "Employer", "Human Resource / Administrator", "Manager", and "Staff" - but the permissions attached to each role are completely up to you. Two companies can have wildly different setups for the same role name.
For sensitive records, vimigo also supports object-level access (called SRA internally). This lets you designate specific individuals as approvers, editors, or watchers on a single goal or sales record - without handing them blanket company-wide approval powers.
Quick Start
- Go to People > "Access Rights" to see the roles your company has.
- Go to People > "vimiPermissions" to see the permission matrix - rows are permissions, columns are roles.
- For a new employee, set their role in People > click their name > "Access Rights" dropdown.
- To give Managers the ability to approve leaves, find "Approve Pending Leaves" in the matrix and tick the checkbox under the "Manager" column. Changes auto-save.
After this, employees only see the menu items and buttons their role permits.
For Admins (Employer / HR / Manager)
How to assign a role to an employee
- Open People > click the employee's name.
- Find the "Access Rights" section on their profile.
- Pick the role from the dropdown - e.g. "Manager".
- Click "Update".
You can't change your own role this way - ask another Employer to do it for you.
How to configure permissions for a role
Permissions live in a matrix: rows are permissions (grouped by module), columns are the four default roles plus any custom roles.
- Open People > "vimiPermissions".
- Find the module section (e.g. "Leaves" or "Goal Commissions").
- Tick the checkbox at the intersection of the permission row and the role column.
- A "Saving..." indicator appears, then "Saved" confirms.
Example - you want Managers to approve goals for their team:
- Find "View Goal Commissions", then tick the "Manager" column.
- Find "Edit Goal Commissions", then tick the "Manager" column.
- Find "Approve Pending Goals", then tick the "Manager" column.
Tip: Click the module header row (e.g. the "Leaves" label) to toggle every permission in that module at once for the selected role. vimigo asks you to confirm: "Are you sure you want to change all module permissions for this role?"
Warning: New companies start with an empty permission matrix - no role has any permissions by default. Either configure each one, or ask vimigo support to apply a template from another company.
How to create a custom role
Beyond the four defaults, you can create custom roles like "Sales Director" or "Finance Manager" with any permission combination.
- Open People > "Access Rights".
- Click "Create" (if your permission level allows it - requires "Create Company Roles" permission).
- Enter a "Role Title" - e.g. "Sales Director".
- Click "Save".
- The new role appears as a new column in the permission matrix. Tick the permissions it should have.
Custom roles start with no permissions - you have to configure them.
How to understand the four default roles
| Role | Default intent | Typical permissions to enable |
|---|---|---|
| "Employer" | The boss / company owner | Almost everything |
| "Human Resource / Administrator" | HR or admin persona | Staff management, leaves, reports, company settings |
| "Manager" | Team lead | View team data, approve team requests |
| "Staff" | Regular employee | View own goals, submit leaves, check in |
These are starting points - you're free to reshape them. A "Manager" at one company might have approval powers they don't have at another.
How to give someone access to just one goal (SRA)
Sometimes you want a Staff-level employee to approve a particular goal (e.g. a cross-department project) without giving them company-wide approval rights. SRA (Schedule Role Access) handles this.
- Open the goal record.
- Find the collaborators / roles section.
- Under "Approvers", add the user.
- Under "Editors", "Watchers", or "Updaters", add users as needed.
- Save.
Those users now have access to that specific goal regardless of their company role. Everyone else is still bound by the standard permission matrix.
SRA roles available per object type:
| Object | SRA roles |
|---|---|
| vimiGoal | editors, approvers, watchers, updaters |
| vimiSales (Personal) | editors, approvers, watchers, updaters |
| vimiReview | editors, approvers, watchers, updaters, notifiers |
| vimiTeam | editors |
How to copy permissions from another company (for super-admins)
If your vimigo support team is setting up a new company that should mirror an existing one:
- Log in to the super-admin backend.
- Go to Companies > select the new company > vimiPermissions.
- In the "Please select a Template Company" dropdown, pick the source company.
- Click "Apply Permission Template".
- Confirm - all role-to-permission mappings are copied over.
This is only available to vimigo's own ops team. If you want it for a new company, email vimigo support.
Example: a typical SME setup
For a small Malaysian SME with Ahmad as Employer, Aisha as HR, and Wei as Sales Manager:
- Employer (Ahmad) - tick everything he needs to see, including "Update Company Settings", "Update Company Modules", "View Employer Dashboard", all approvals.
- Human Resource (Aisha) - tick "All Company Users", "Edit Company Users", "Approve Pending Leaves", "View Company Leave Report", "Edit Employee Leave Entitlement".
- Manager (Wei) - tick "View My Department Goals", "View My Department Teams", "Approve Pending Goals", "View My Department Employees Timesheet".
- Staff - tick "Clock In", "Clock Out", "Create Leaves", "View Goal Commissions" (so they see their own goals).
For Employees
How to check your own role
Your role is visible on your profile page. Open your avatar > "Profile" - the role title (e.g. "Manager" or "Staff") shows under your name.
What to do when a menu item is missing
If something you expect isn't showing up, your role doesn't have the required permission. Ask your HR admin or employer to enable it for your role - they configure this at People > "vimiPermissions".
Why you might get a "permission denied" error
The two most common reasons:
- Your role is missing the permission for that action.
- For a specific goal or record using SRA, you're not listed as an approver / editor.
Ask the record's owner or your admin to add you, or adjust your role's permissions.
Can you be an approver on specific goals even as Staff?
Yes. If your company uses SRA, the goal owner can designate you as an approver on individual goals. This is separate from your company-wide role - you get access to that one goal only.
Settings & Configuration
| Setting | What it does | Default | Where |
|---|---|---|---|
| Role display name | What the role is called in the UI | Employer / HR / Manager / Staff | People > Access Rights > Edit |
| Permission toggle | Whether a role has a specific permission | Off (unchecked) | People > vimiPermissions matrix |
| Custom role | Any extra role you create beyond the four defaults | None | People > Access Rights > Create |
| SRA assignments | Per-object approvers / editors / watchers | Empty | Inside the goal / sales / review record |
| Permission template | Copy permissions from one company to another | Not applied | Super-admin backend only |
Permission catalogue at a glance
vimigo has hundreds of permissions, grouped by module. Common ones you'll adjust:
- Company & staff: "All Company Users", "Edit Company Users", "Update Company Settings", "Update Company Modules", "Edit Company White Label Set".
- Goals: "View Goal Commissions", "Edit Goal Commissions", "Approve Pending Goals", "Complete Goal Commissions".
- Sales: "View Personal Commissions", "Edit Personal Commissions", "Update Achieved Amounts", "Update Commission Settings".
- Leaves: "All Leaves", "Approve Pending Leaves", "Reject Pending Leaves", "View Company Leave Report", "Edit Employee Leave Entitlement".
- Attendance / Check-in: "Clock In", "Clock Out", "View My Department Employees Timesheet", "View All Employees Timesheet".
- Reports: "View Company Personal Commission Report", "View Company Team Commission Report", "View Company Attendance Report".
- Rewards: "View Diamond Dashboard", "View VCoin Dashboard", "Modify User Points".
If you need a permission you don't see in your matrix, it may be gated by a module that isn't enabled. Turn on the module in Company > Module Control first.
FAQ
Q: I ticked a permission but the user still can't access the feature.
A: vimigo caches the navigation menu. Permission changes usually clear that cache automatically, but if the user still sees the old state, ask them to log out and log back in.
Q: I'm an Employer and I can't change my own role.
A: By design. An Employer must have another Employer or vimigo super-admin change their role. This prevents accidentally locking yourself out.
Q: Can I delete the default "Employer" or "Staff" roles?
A: Technically yes if your role has "Delete Company Roles" permission, but don't - deletion removes the role from everyone currently assigned to it. The four defaults are best left in place.
Q: SRA says a user can approve, but they get a 403 error.
A: Check that the user is actually listed in the record's SRA roles (open the goal/personal/review > collaborator section). A common cause is a typo, or the wrong user ID being used when the user was added.
Q: What's the difference between the "Employer" role and the "admin" system role?
A: "Employer" is a company-level role that you can edit. The system roles "admin" (ID 1) and "user" (ID 2) are vimigo super-admin roles - only the vimigo team uses those, and they can't be modified from your company.
Q: Our company has no permissions configured. How do we catch up fast?
A: Ask vimigo support to apply a permission template from a similar-size company. That copies a sensible baseline instead of forcing you to tick hundreds of checkboxes.
Q: What's the difference between "Approve Pending Leaves" and "Approve Employee Leaves Application"?
A: "Approve Pending Leaves" controls the general approver action (typically a Manager acting on team members). "Approve Employee Leaves Application" is the company-level admin permission for HR to approve on behalf of the company. Most companies enable both for HR roles.
Q: Can we use SRA and role-based permissions together?
A: Yes - they coexist. SRA is checked first for object-level access. When no SRA role is set on a record, the system falls back to the standard role permission check. Older companies that haven't configured SRA continue to work exactly as before.
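The check order described in the answer above (SRA first, then the role matrix), as an added sketch that is not vimigo's code. The function, data shapes and user names are hypothetical, and sending a user who is not listed on a record to the matrix check follows "Everyone else is still bound by the standard permission matrix."

```python
# Added sketch, not vimigo's code: names and data shapes are hypothetical.
from dataclasses import dataclass, field

# Action -> (SRA list on the record, matrix permission). The pairing of
# "editors" with "Edit Goal Commissions" is an assumption for this sketch.
ACTIONS = {
    "approve": ("approvers", "Approve Pending Goals"),
    "edit": ("editors", "Edit Goal Commissions"),
}

@dataclass
class Goal:
    title: str
    sra: dict = field(default_factory=dict)  # e.g. {"approvers": {"mei"}}

def check(user, role, action, goal, matrix):
    """Return (allowed, reason) for one user acting on one goal."""
    sra_role, permission = ACTIONS[action]
    # 1. Object-level check first: a user listed on this record is allowed
    #    regardless of company role.
    if user in goal.sra.get(sra_role, set()):
        return True, f"SRA {sra_role}"
    # 2. Everyone else is bound by the matrix. Unknown roles and unticked
    #    boxes both deny, matching the empty default matrix.
    if permission in matrix.get(role, set()):
        return True, f"role permission: {permission}"
    return False, f"not in SRA {sra_role}; {role} lacks '{permission}'"

# Constructed sample data.
MATRIX = {
    "Manager": {"View Goal Commissions", "Approve Pending Goals"},
    "Staff": {"View Goal Commissions"},
    "Sales Director": set(),  # custom role, nothing ticked yet
}
PROJECT = Goal("Cross-department project", {"approvers": {"mei"}})
ROUTINE = Goal("Monthly target")  # no SRA configured

if __name__ == "__main__":
    for user, role, action, goal in [
        ("mei", "Staff", "approve", PROJECT),
        ("mei", "Staff", "approve", ROUTINE),
        ("wei", "Manager", "approve", ROUTINE),
        ("wei", "Manager", "edit", ROUTINE),
        ("lina", "Sales Director", "approve", ROUTINE),
    ]:
        print(user, role, action, goal.title, check(user, role, action, goal, MATRIX))
```

The returned reason string is what makes a 403 diagnosable: it says whether the denial came from the record's SRA list or from an unticked box in the matrix.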
Related Guides
- Users - assigning a role to a user happens on their profile
- Company - the "Update Company Settings" and "Edit Company White Label Set" permissions gate access to company-level config
- Departments - permissions like "View My Company Department Users" and "View My Department Goals" are scoped by department